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MovinaToward 

Meltdown 

Racks  of  ultracompact  blade  servers 
produce  an  amazing  amount  of  heat  that  can  « 
lead  to  equipment  failures  or  slowdowns. 

Now  data  center  managers  have  to  figure  out 
how  to  keep  this  hot  technology  cool.  Page  25 
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Cisco  Reiterates  WLAN  Threat 


Attack  tool  targets 
authentication  code; 
long  passwords  urged 

BY  BOB  BREWIN 

Cisco  Systems  Inc.  last  week 
said  it  plans  to  issue  a  new  — 
and  better  publicized  —  warn¬ 
ing  about  a  security  threat  to 
its  user  authentication  tech¬ 
nology  for  wireless  LANs,  af¬ 
ter  it  was  told  that  a  tool  for 
attacking  the  software  would 
be  publicly  released. 


Cisco  first  disclosed  in  early 
August  that  its  widely  used 
Lightweight  Extensible  Au¬ 
thentication  Protocol  algo¬ 
rithm  is  vulnerable  to  so- 
called  dictionary  attacks 
aimed  at  discovering  user 
passwords.  The  company 
posted  a  notice  on  its  Web  site 
and  said  its  sales  force  was 
told  to  inform  customers 
about  the  threat.  But  several 
Cisco  users  last  week  said 
they  never  got  word  of  it. 

Mike  Wiesenberg,  director 


of  network  services  at  Sharp 
Healthcare  in  San  Diego, 
faulted  Cisco  for  not  taking  “a 
more  proactive”  approach  to 
notifying  LEAP  users  of  the 
potential  for  attacks.  Wiesen¬ 
berg  said  he  doesn’t  check 
Cisco’s  Web  site  on  a  daily  ba¬ 
sis  for  security  updates  and 

WLAN  Threat,  page  13 


The  Trouble  With  LEAP 


■  What  it  is:  LEAP  is  an  authenti¬ 
cation  algorithm  that  relies  on  end- 
user  passwords  known  to  network 
devices  and  individual  PCs. 

■  What  it’s  vulnerable  to:  Cisco 
says  that,  like  most  password-based 
algorithms,  LEAP  is  susceptible  to 
dictionary  attacks. 

■  What  users  can  do:  Cisco  rec¬ 
ommends  “strong  passwords"  and 
a  requirement  that  they  be  changed 
periodically. 

Cisco’s  initial  security  notice  can  be 
found  at  QuickLink  a3670 


Pentagon  Moves 
On  Massive  HR 
System  -  Slowly 

Prime  contractor  chosen  for  $320M  project 
two  years  after  purchase  of  PeopleSoft  apps 


BY  MARC  L.  SONGINI 

More  than  two  years  after  it 
chose  PeopleSoft  Inc.’s  soft¬ 
ware  for  a  massive  human  re¬ 
sources  system,  the  U.S.  De¬ 
partment  of  Defense  is  finally 
ready  to  start  development 
work  on  the  $320  million-plus 
project.  But  it  will 
take  another  four 
years  to  complete  the 
rollout,  military  offi¬ 
cials  said. 

The  project,  which 
is  about  12  months 
behind  schedule,  will  create 
a  single  system  for  HR  and 
payroll  operations  across  all 
branches  of  the  armed  forces, 
incorporating  data  on  more 
than  3  million  military  person¬ 
nel  worldwide.  The  DOD  paid 
PeopleSoft  $48  million  for  an 
enterprise  software  license  in 


For  details  on  the 
DOD's  ERP  project, 
visit  our  Web  site: 

C  QuickLink  a3660 
computerworld.com 


August  2001,  and  last  week  it 
named  Northrop  Grumman 
Corp.  as  the  prime  contractor 
on  the  implementation  under 
a  nine-year,  $281  million  con¬ 
tract. 

U.S.  Navy  Capt.  Valerie  Car¬ 
penter,  the  joint  program  man¬ 
ager,  said  the  HR 
project  will  replace 
79  systems  within 
the  DOD.  She  added 
that  Pentagon  offi¬ 
cials  in  February 
plan  to  release  pro¬ 
jected  ROI  figures  for  the  ini¬ 
tiative,  which  is  officially 
known  as  the  Defense  Inte¬ 
grated  Military  Human  Re¬ 
source  System,  or  DIMHRS. 

The  DOD  project  will  be  the 
largest  installation  of  People- 
Soft’s  human  resources  appli- 
Pentagon,  page  13 


IBM  Hosting  Goes  On-Demand 

Remote  data  center 
service  takes  ASP  tack; 
offshore  is  an  option 

BY  PATRICK  THIBODEAU 

A  plan  unveiled  by  IBM  last 
week  may  ultimately  help 
make  the  location  of  a  corpo¬ 
rate  data  center  largely  irrele¬ 
vant,  even  allowing  for  data 
centers  that  are  outsourced 
offshore. 

IBM  has  broadened  its  re¬ 
mote  Virtual  Server  Services, 
which  had  been  offered  only 


on  its  zSeries  servers,  to  in¬ 
clude  the  rest  of  its  eServer 
line  —  iSeries,  pSeries  and 
xSeries  servers  —  with  sup¬ 
port  for  Windows,  Unix  and 
Linux. 

The  company  is  also  adding 
applications  to  its  on-demand 
computing  services  under  an 
application  service  provider 
model.  Officials  said  IBM  had 
inked  an  agreement  with  Sie- 
IBM  Hosting,  page  53 

iSIDE 

■  IBM  will  host  slimmed-down  Siebel 
CRM  apps,  ASP  style.  Page  53 


As  of  today,  security  is  not  just  about  what  you  can 


Start  with  Intrusion  Prevention  Solutions  from  McAfee  Security®  and  dis¬ 
cover  how  to  go  beyond  merely  detecting  threats  to  preventing  them  altogether. 
With  McAfee®  System  Protection  and  Network  Protection  Solutions,  your 
business  is  completely  protected — from  the  core  to  the  edge  of  your  network, 
including  servers  and  desktops. 


It's  about  what  you  can 


Start  building  productivity  faster.  Knowing  your  network  and  systems  are 
safe  from  both  known  and  unknown  threats,  you'll  be  free  to  focus  on  bigger 
picture  issues,  like  maximizing  the  ROI  of  your  technology  investment. 


Start  saying  yes  to  users  more.  Users  want  full  Internet  access,  they  want 
laptops,  they  want  PDAs,  they  want  wireless,  and  they  don't  want  to  hear  about 
how  security  concerns  outweigh  their  needs.  Now  they  don't  have  to.  Because 
with  McAfee  Security  you  can  start  giving  them  the  technologies  they  need 
without  giving  up  the  security  your  enterprise  demands.  w: 


without  giving  up  the  security  your  enterprise  demands.  u  , 

.  .  -  -  -  ■  ••.. 1 Z":  :,-b 
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Start  growing  securely.  When  you're  secure  you  can  start  thinking  more 

. .  .  .  '  ■ . . .  . 


about  how  ideas  spread  and  less  about  how  network  threats  spread.  You  can  A  '  ,V  : 
start  expanding  what  your  network  can  do,  not  simply  reducing  what  hackers 
can  do.  You  can  start  chasing  what  you're  after,  not  what's  after  you 


Start  today  at  start.mcafeesecurity.com 


Network  Associates  and  McAfee  Security  are  registered  trademarks  or  trademarks  of  Network  A 
affiliates  in  the  US  and/or  other  countries.  All  other  registered  and  unregistered  trademarks  he 
of  their  respective  owners.  ©  2003  Networks  Associates  Technology,  Inc.  All  Rights. Reserved1; 
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That’s  DigitAII  vision. 

njj  NK^nrdP  !  How  has  Bank  One  become  a  leader  in  banking 
ss  \JMwC  I  While  showing  its  nearly  500,000  small  business 
clients  the  path  to  a  bigger,  brighter  future?  With  unparalleled  vision  and 
absolute  clarity.  That’s  why  Bank  One  chooses  Samsung  —  the  world’s  leading 
manufacturer  of  TFT-LCD  displays.  And  now  Samsung’s  commitment  to  the 
big  picture  continues  withllhe  innovative  display  technology  found  in  the 
SyncMaster  192T,  giving  you  the  opportunity  to  visualize  a  future  just  as  bright. 


Super-bright,  razor-sharp  . .. 

19”  analog/digital  TFT/PVA  display 
Unique  dual-hinge  base  allows 
up  to  90°  tilt  for  optimal  ergonomics 
1280  x  1024,  Xtrawide™  1707170° 
viewing  angle,  VESA"  wall-mo||itable  base 
World’s  leading  manufacturer  of 
TFT-LCD  displays 


. Visit  wvyw.samsungusa.com 

GX-  V.-rrsufig  Electronics  America,  Inc.  Screen  images  are  simulated. 


Add  vision.  Add  possibility.  Add  Samsung. 
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Weighing  the  Change  to  Blades 

In  the  Technology  section:  Blade  servers  offer  many  advan¬ 
tages  over  1U  servers,  but  they’re  not  always  the  better 
choice.  They  reduce  hardware  and  conserve  data  center 
space  while  providing  flexibility  and  manageability,  but  the 
trade-offs  can  include  cultural  and  cooling  problems.  Page  30 


Outsourcing  Bl  With  Control 

In  the  Management  section:  Whether  you  farm  out  all 
or  part  of  your  business  intelligence  operations,  the  hot 
issue  is  making  sure  data  quality  won’t  suffer,  says  Mike 
Larson  (left),  a  product  and  process  quality  leader  at 
Canon  Information  Technology  Services.  Page  37 
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QuickPoll  Results 


The  single  biggest  factor  affecting 
IT  unemployment  is: 


General 

economic 

conditions 


H-IBvisa 

holders 


Other  2.5% 


©  Take  this  week's  QuickPoll  at  www.computerworld.com. 

SOURCE:  COMPUTERWORLD.COM  NONSCIENTIFIC  SURVEY.  1.112VOTES 


Is  the  Decay  of  Code  Inevitable? 

DEVELOPMENT:  Developers  often  want  to 
rewrite  code  that  they  are  given  to  maintain. 
Maybe  this  practice  should  be  required. 

©  41717 


It’s  All  in  the  Interoperability 

STORAGE:  The  CEO  of  The  Storage  Group 
discusses  interoperability  issues  and  data 
protection  strategies.  ©  41752 

Wireless  Is  ‘In’:  Use  It  Wisely 

SECURITY:  Columnist  Marcia  Wilson  under¬ 
stands  the  lure  of  Wi-Fi,  but  she  also  fears  for 
those  business  travelers  who  don’t  consider 
the  risks.  ©  41665 
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of  those  codes  into  the  Quick¬ 
Link  box,  which  is  at  the  top  of 
every  page  on  our  site. 
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IBM  Makes  Cuts 
At  ET  Services  Unit 

IBM  said  that  about  720  U.S. 
workers  at  its  IT  services  unit  are 
being  laid  off  as  part  of  a  re¬ 
assessment  of  the  operation’s 
staffing  and  skill  needs.  The  cut¬ 
back  at  IBM  Global  Services  fol¬ 
lows  a  similar  layoff  that  was  an¬ 
nounced  late  last  month  by  the 
company’s  software  group 
[QuickLink  41712].  IBM  Global 
Services  currently  employs  about 
180,000  people. 


Siebel  Expects  Q3 
Loss,  Lower  Sales 

CRM  software  vendor  Siebel  Sys¬ 
tems  Inc.  said  it  expects  to  report 
a  loss  of  about  $60  million  for  the 
third  quarter  on  revenue  of  about 
$320  million.  The  San  Mateo, 
Calif.-based  company  said  it 
would  be  profitable  if  not  for  one¬ 
time  expenses,  including  a  $107 
million  charge  taken  to  cover  re¬ 
cent  layoffs.  It  added  that  soft¬ 
ware  sales  will  total  about  $110 
million,  down  13%  from  $126.8 
million  a  year  ago. 


Microsoft  Targets 
Small  Businesses 

Microsoft  Corp.  this  week  plans  to 
release  small-business  software 
bundles  that  are  built  around  Win¬ 
dows  Server  2003  and  tailored  to 
companies  with  fewer  than  100 
workers  and  50  PCs.  The  Win¬ 
dows  Small  Business  Server 
2G03  offering  includes  a  stan¬ 
dard  edition  with  Exchange  Serv¬ 
er  2003  and  a  premium  version 
that  adds  SQL  Server  2000  and 
Microsoft’s  Internet  Security  and 
Acceleration  Server. 


HP  Tries  to  Lure 
Sun  Users  to  Linux 

Hewlett-Packard  Co.  announced  a 
program  aimed  at  converting 
users  of  Sun  Microsystems  Inc.’s 
Unix  servers  to  Linux  systems.  HP 
said  it  will  offer  users  $25,000 
worth  of  assessment,  porting  and 
migration  services  at  no  cost. 


Data  Problems  Thwart 
Effort  to  Count  H-lBs 


Systems  lack  ability 
to  share  information 


BY  PATRICK  THIBODEAU 

WASHINGTON 

EDERAL  OFFICIALS 
don’t  know  how  many 
H-1B  visa  holders  are 
working  in  the  U.S.  be¬ 
cause  the  two  systems  that 
collect  critical  data  on  visa 
holders  aren’t  integrated. 

That  problem  was  detailed 
in  a  long-awaited  General  Ac¬ 
counting  Office  report  re¬ 
leased  last  week  on  the  H-1B 
program’s  effects  on  the  U.S. 
workforce.  The  GAO  said  its 
effort  to  study  the  matter  was 
hindered  on  two  fronts. 

First,  key  data  is  missing. 
One  system  tracks  entries  and 
departures  of  H-1B  holders, 
and  another  monitors  changes 
in  a  visa  holder’s  status,  such 
as  loss  of  employment.  But 


those  systems  aren’t  integrat¬ 
ed,  so  the  government  doesn’t 
know  how  many  visa  holders 
are  in  the  U.S.,  the  GAO  said. 

Second,  the  GAO  contacted 
145  companies  to  discuss  their 
H-1B  use,  but  only  36  agreed  to 
interviews.  While  the  nearly 
50-page  report  anonymously 
summarizes  the 
results  of  the  in¬ 
terviews,  the  GAO 
warned  that  be¬ 
cause  of  the  small 
sample  size,  the 
results  “cannot  be 
viewed  as  repre¬ 
sentative  of  all 
H-1B  employers.” 

Chris  McManes, 
a  spokesman  for 
the  U.S.  chapter  of  the  Insti¬ 
tute  of  Electrical  and  Electron¬ 
ics  Engineers  Inc.,  which  has 
opposed  the  H-1B  program, 
said  the  small  sample  “limited 
the  GAO’s  ability  to  assess 


what’s  really  going  on.” 

McManes  said  the  findings 
support  arguments  that  H-1B 
workers  are  being  paid  less 
than  their  U.S.-citizen  coun¬ 
terparts,  at  least  in  one  age 
bracket.  Salaries  listed  on  ap¬ 
proved  H-1B  petitions  for  ei¬ 
ther  electrical/electronic  engi¬ 
neers  or  systems 
analyst/program¬ 
mer  analysts  who 
were  between  31 
and  50  years  old 
were  about 
$11,000  to  $22,000 
lower  than  the 
salaries  reported 
by  U.S.  citizens. 

But  the  salaries 
of  HTB  workers 
18  to  30  years  old  were  as 
much  as  $10,000  higher  than 
those  of  their  U.S.  counter¬ 
parts,  which  may  mean  that 
there  are  more  hires  in  this  age 
group  with  advanced  degrees. 


Thom  Stohler,  a  vice  presi¬ 
dent  of  the  AEA,  a  trade  group 
representing  the  high-tech  in¬ 
dustry  that  has  advocated  a 
higher  H-1B  visa  cap,  said  the 
report  underscores  the  need 
for  better  data.  “We  all  need  to 
be  using  the  same  data,  or  we 
cannot  have  rational  a  discus¬ 
sion,”  he  said. 

The  H-1B  visa,  which  allows 
skilled  foreign  workers  to  take 
jobs  in  the  U.S.  for  up  to  six 
years,  is  limited  by  a  cap  that 
declined  to  65,000  last  week 
when  the  new  federal  fiscal 
year  started.  The  cap  had  been 
195,000  for  the  past  three  years. 

Vic  Goel,  a  Greenbelt,  Md.- 
based  immigration  attorney, 
said  the  reduced  cap  will  be 
reached  by  early  next  year,  in 
part  because  about  22,000 
pending  H-1B  applications 
filed  in  the  last  fiscal  year  will 
be  counted  against  this  year. 

The  U.S.  Department  of 
Elomeland  Security,  which  is 
now  responsible  for  immigra¬ 
tion  policy,  is  aware  of  the 
visa-tracking  problem  and  is 
developing  a  consolidated  sys¬ 
tem,  according  to  the  GAO. 

©  41884 


HP  Rolls  Out  Stackable 
Gigabit  Ethernet  Switches 


BY  MATT  HAMBLEN 

Hewlett-Packard  Co.  today 
will  announce  several  net¬ 
working  products,  including  a 
pair  of  stackable  edge  switches 
that  it  said  can  support  Gigabit 
Ethernet  transmission  speeds. 

The  new  HP  ProCurve 
switches  are  priced  at  about 
$100  per  port,  making  them 
the  most  affordable  Gigabit 
Ethernet  switching  devices 
now  on  the  market  for  edge 
networking  use,  claimed  Darla 
Sommerville,  general  manager 
of  ProCurve  networking  in 
HP’s  Americas  region. 

The  switches  began  ship¬ 
ping  last  week  along  with  new 
ProCurve  management  soft¬ 
ware  that  HP  said  gives  IT 
managers  more  network  con¬ 
trols,  including  a  single  view 
of  wired  and  wireless  net¬ 
works.  HP  also  released  a 
wireless  access  point  device 


that  was  announced  last 
month  and  supports  connec¬ 
tivity  via  the  802.11b  and 
802.11g  protocols. 

Richard  Lee,  director  of  op¬ 
erations  at  Media  General  Inc. 
in  Richmond,  Va.,  has  been  us¬ 
ing  a  demonstration  model  of 
the  24-port  ProCurve  Switch 
2824  for  three  months,  moving 
it  to  different  network  loca¬ 
tions  to  test  it.  Lee  said  he  has 
ordered  20  more  switches 
from  HP  because  the  demon¬ 
stration  device  has  proved  to 
be  effective. 

Lor  instance,  Lee  has  used 
the  switch  to  triple  the  speed 
of  backing  up  data  from  Media 
General’s  260  servers,  which 
include  IBM  AS/400s  plus 
computers  running  Windows, 
Unix  and  other  operating  sys¬ 
tems.  Many  of  the  servers 
have  built-in  Gigabit  Ethernet 
connections,  “so  it’s  advanta¬ 


geous  for  us  to  have  the  speed 
in  the  switch,”  Lee  said. 

He  added  that  Media  Gener¬ 
al,  a  newspaper,  TV  and  Inter¬ 
net  company  with  1,600  em¬ 
ployees  at  its  corporate  offices, 
has  found  HP’s  switches  to  be 
reliable  in  the  past,  with  up¬ 
front  prices  that  were  less  than 
half  the  cost  of  comparable 
Cisco  Systems  Inc.  switches. 

Chad  Williams,  director  of 
public-sector  sales  at  Matrix 
Integration,  a  Jasper,  Ind.- 
based  company  that  resells 
and  installs  Cisco  and  HP 
products,  said  he  generally 
can  offer  HP  switches  at  half 
the  price  per  port  that  Cisco 
charges.  In  addition,  HP  does¬ 
n’t  have  an  annual  mainte¬ 
nance  fee,  while  Cisco  charges 
users  about  25%  of  the  upfront 
purchase  price  of  a  switch  per 
year,  Williams  said. 

HP’s  announcements  will 
help  round  out  its  line  of 
switches,  which  have  been 
known  more  for  data  center 
switching  than  for  WAN  use, 
said  Zeus  Kerravala,  an  analyst 


HP’S  NEW  PRODUCTS 


■  PROCURVE  SWITCH  2824: 

Supports  20  Gigabit  Ethernet 
ports  and  four  ports  for  either 
Gigabit  Ethernet  or  mini-GBIC 
(Gigabit  Interface  Converter) 
connections. 

Starts  at  $2,499. 

■  PROCURVE  SWITCH  2848: 

Supports  44  Gigabit  Ethernet 
ports  and  four  dual-mode  ports. 

Starts  at  $4,899. 

■  PROCURVE  WIRELESS 
ACCESS  POINT  420  NA: 

Includes  two  removable  antennas 
and  Power  over  Ethernet  connec¬ 
tions.  Starts  at  S469. 

■  PROCURVE  MANAGER 
PLUS:  Network  management 
software  that  supports  both 
wired  and  wireless  networks. 

Starts  at  $1,999. 


at  The  Yankee  Group  in 
Boston. 

HP  ranks  third  in  total  Eth¬ 
ernet  switch  revenue  in  North 
America,  trailing  Cisco  and 
Marlboro,  Mass.-based  3Com 
Corp.,  Kerravala  said.  ©  41813 
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CIOs  Holding  on  to  Their  Jobs  Longer 

Weak  economy,  push  for  stability  reduce  turnover  for  execs 


BY  THOMAS  HOFFMAN 

As  companies  finalize  their  IT 
budgets  for  next  year,  some 
CIOs  are  finding  themselves 
eyeing  their  calendars  for  an 
altogether  different  reason:  to 
mark  the  increasing  amount  of 
time  they’re  spending  at  their 
current  jobs. 

Consulting  firm  Meta 
Group  Inc.  said  its  research 
shows  that  CIOs  currently  are 
staying  in  their  jobs  for  an  av¬ 
erage  of  3.5  years.  Although 
survey  data  measuring  how 
job  tenures  have  changed  in 
recent  years  isn’t  readily  avail¬ 
able,  seven  CIOs  and  several 
technology  analysts  last  week 
said  anecdotal  evidence  indi¬ 
cates  that  longevity  rates  are 
on  the  upswing  in  corporate 
IT  departments. 

There  are  several  factors 
contributing  to  the  higher  CIO 
retention  rates,  they  noted. 

For  starters,  many  corporate 
CEOs  have  tried  to  maintain 
stable  management  teams  be¬ 
cause  of  the  weak  economy,  in 
part  to  reassure  skittish  in¬ 
vestors.  The  economic  prob¬ 
lems  have  also  reduced  the 
amount  of  job-hopping  by  IT 
executives. 

There’s  less  churn  among 
CIOs  in  corporate  America 
now  than  there  was  during  the 
dot-com  boom,  when  all  types 
of  IT  professionals  moved 
from  job  to  job,  said  Damien 
Bean,  vice  president  of  corpo¬ 
rate  systems  at  Hilton  Hotels 
Corp.  in  Beverly  Hills,  Calif. 
“CIOs  that  have  done  an  effec¬ 
tive  job  of  aligning  technology 
with  business  requirements 
seem  to  be  hanging  around 
longer  to  see  through  on  those 
efforts,”  Bean  added. 

Tech-Sawy  CEOs 

In  addition,  the  CIOs  said 
CEOs  and  chief  financial  offi¬ 
cers  have  become  more  tech- 
sawy  and  increasingly  recog¬ 
nize  the  importance  of  giving 
IT  leaders  enough  time  to  fol¬ 
low  through  on  the  technolo¬ 
gy  strategies  they  have  imple¬ 
mented  to  support  long-term 


business  objectives.  Corporate 
executives  “have  realized  the 
strategic  nature  of  technolo¬ 
gy,”  said  Heath  Daughtrey, 
vice  president  of  IT  services 
at  Harrah’s  Entertainment  Inc. 
in  Las  Vegas. 

“Part  of  it  is  that  there  aren’t 
a  lot  of  [job]  opportunities  in 
the  market  right  now,”  said 
Mike  Lecours,  information 
systems  manager  at  The  Gund 
Co.,  a  St.  Louis-based  maker  of 
electrical  products.  “But  man¬ 
agement  is  also  recognizing 
that  stability  is  needed  to  help 
IT  leaders  execute  on  the 
businesses’  strategies.” 


Users  say  they 
don’t  see  a  reason 
to  be  concerned 


BY  ROBERT  MCMILLAN 

Add  Silicon  Graphics  Inc.  to 
the  list  of  technology  compa¬ 
nies  that  have  been  dragged 
into  The  SCO  Group  Inc.’s 
Unix  copyright  infringement 
dispute. 

In  an  Aug.  13  letter  ad¬ 
dressed  to  SGI’s  legal  depart¬ 
ment  and  released  to  the  me¬ 
dia  last  week,  SCO  CEO  Dari 
McBride  claimed  that  SGI’s 
contributions  to  Linux  put  it 
in  breach  of  its  1986  Unix  li¬ 
censing  agreement,  originally 
signed  with  AT&T  Corp.  but 
subsequently  transferred  to 
SCO. 

According  to  McBride’s  let¬ 
ter,  “SGI  flagrantly  permitted 
the  copying  and  use  of  our 
proprietary  information  with¬ 
out  any  knowledge  of  the 
identities  of  the  recipients” 
and  “subjected  our  source 
code  to  unrestricted  disclo¬ 
sure,  unauthorized  transfer 
and  disposition,  and  unautho¬ 
rized  use  and  copying.” 

The  letter  threatens  to  ter¬ 


Tim  Monteith,  who  has 
been  CIO  at  Domino’s  Pizza 
LLC  in  Ann  Arbor,  Mich.,  for 
nearly  three  years,  said  the 
restaurant  chain’s  CEO  “has 
formed  a  team  that  has  been 
trying  to  drive  the  company  in 
many  new  directions,  and  that 
doesn’t  happen  if  you  keep 
flipping  leadership  all  the 
time.” 

Less  Volatility 

Furthermore,  industry-specif¬ 
ic  factors  may  be  contributing 
to  lengthier  CIO  tenures.  For 
example,  among  manufactur¬ 
ers,  “a  lot  of  ERP  implementa- 


minate  SGI’s  Unix  license  as 
of  Oct.  14  should  SGI  fail  to 
“remedy  all  violations.” 

Terminating  SGI’s  Unix  li¬ 
cense  would  affect  SGI’s  Irix 
operating  system,  which  uses 
SCO’s  System  V  Unix  code, 
according  to  SCO  spokesman 
Blake  Stowell.  “It  would  mean 
that  they  would  have  to  either 
stop  shipping  it,  or  either  de¬ 
stroy  or  return  all  copies  of 
Irix  to  SCO,”  Stowell  said. 

Meritless  Allegations 

Mountain  View,  Calif.-based 
SGI  responded  to  SCO’s  letter 
in  early  September  with  a  let¬ 
ter  claiming  that  SCO’s  allega¬ 
tions  were  without 
merit,  said  SGI 
spokeswoman 
Marty  Coleman. 

“Our  license  is  ful¬ 
ly  paid  and  nonter- 
minable.  They 
can’t  terminate  it,” 
she  said.  “We  don’t 
believe  that  their 
allegation  of 
breach  of  contract 
has  any  merit.” 

SGI  appears  set 
to  follow  in  the 
footsteps  of  IBM, 
which  in  June  had 


tions  weren’t  successful,  and 
the  CIOs  got  fired  for  that 
kind  of  thing,”  noted  Paul 
Klein,  CIO  at  Rich  Products 
Corp.,  a  Buffalo-based  maker 
of  frozen  foods.  But  now  that 
many  companies  have  com- 


HCIOs 
that  have 
done  an  effec¬ 
tive  job  of  align¬ 
ing  technology  with  busi- 
ness  requirements  seem  to 
be  hanging  around  longer. 

DAMIEN  BEAN,  Vice  president  of 
corporate  systems,  Hilton  Hotels  Corp. 


its  license  to  distribute  its  AIX 
operating  system  revoked  by 
SCO  following  similar  allega¬ 
tions.  IBM  continues  to  dis¬ 
tribute  AIX,  and  the  question 
of  whether  it  breached  its  Sys¬ 
tem  V  Unix  agreement  is  now 
the  subject  of  a  $3  billion  law¬ 
suit. 

Prior  to  revoking  IBM’s 
Unix  license,  SCO  sued  the 
company  for  breach  of  con¬ 
tract.  Stowell  declined  to  say 
whether  or  not  Lindon,  Utah- 
based  SCO  was  planning  simi¬ 
lar  legal  action  against  SGI. 

Two  users  of  SGI  hardware 
in  the  scientific  community 
said  they  have  no  concerns 
about  the  escalating  legal  fight 
between  SGI  and  SCO. 

Thomas  Quinn,  a  professor 
of  astronomy  at  the  University 
of  Washington  in  Seattle,  said 
the  SCO  case 
against  IBM  has 
been  in  his  mind 
for  months  be¬ 
cause  he  has  other 
machines  running 
Linux  in  his  lab. 

But  he  said  action 
by  SCO  against 
SGI  won’t  affect 
the  use  of  his  two 
SGI  Altix  3000  sys¬ 
tems.  “I’m  assum¬ 
ing  that  SGI  is  just 
going  to  continue 
to  support  my  ma¬ 
chines,”  he  said.  “I 


pleted  such  projects,  “there  is¬ 
n’t  as  much  volatility,”  he  said. 

For  their  own  part,  many 
CIOs  have  developed  a  better 
understanding  of  how  to  run  a 
business,  said  Steve  Scott,  vice 
president  of  IT  at  Vision  Ser¬ 
vice  Plan,  an  eye  care  benefits 
provider  in  Rancho  Cordova, 
Calif.  Scott,  who  will  have 
been  in  his  position  for  three 
years  in  January,  said  he  hopes 
to  “drive  that  [figure]  up.” 

Howard  Rubin,  executive 
vice  president  at  Meta  Group 
in  Stamford,  Conn.,  said  he 
sees  a  different  set  of  dynam¬ 
ics  at  play.  CIOs  who  have  met 
the  cost-cutting  pressures  im¬ 
posed  by  senior  management 
over  the  past  two  years  “have 
either  been  retained  or  pro¬ 
moted,”  he  said.  “Those  that 
didn’t  got  the  boot.”  ©  41841 


don’t  have  too  much  reason  to 
be  concerned. 

“At  the  moment,  just  from 
what  I  read  [about  the  SCO 
lawsuit  against  IBM] ...  as  far 
as  I  can  tell,  the  SCO  case  is 
essentially  baseless,”  Quinn 
said.  “I’m  going  with  the  as¬ 
sumption  that  this  case  is  real¬ 
ly  not  going  to  come  through, 
and  even  if  it  does,  it’s  going 
to  take  such  a  long  time,  it’s 
beyond  my  horizon.” 

Thomas  Zacharia,  an  associ¬ 
ate  lab  director  at  the  U.S. 
Department  of  Energy’s  Oak 
Ridge  National  Laboratory  in 
Oak  Ridge,  Tenn.,  agreed. 

“These  kinds  of  things  al¬ 
ways  happen  in  industry,”  as 
companies  have  disagree¬ 
ments  and  battle  issues  out  in 
the  courts,  Zacharia  said.  “We 
try  to  stay  out  of  these  exter¬ 
nal  activities.  These  things 
don’t  really  come  into  our 
realm.”  The  lab  uses  an  SGI 
Altix  3000  supercomputer 
with  256  Intel  Corp.  Itanium  2 
processors.  ©  41840 


McMillan  writes  for  the  IDG 
News  Service.  Todd  R.  Weiss 
contributed  to  this  report. 


FOIL  UNERASE 

To  access  all  ComputerworldsWies 
relating  to  the  SCO/Linux  diSDute, 
visit  our  Web  site: 

QuickLink  a3280 
www.compulerworld.com 


SCO  Threatens  to  Revoke 
SGI’s  Unix  License  Rights 


out  of  these 


external  activi¬ 
ties.  These 
things  don’t 
really  come 
into  our  realm. 


THOMAS  ZACHARIA, 

ASSOCIATE  LAB  DIRECTOR, 
OAK  RID6E  NATIONAL 
LABORATORY 
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Sun  Predicts  Big 
Loss,  Revises  Q4 

Sun  Microsystems  Inc.  said  it  will 
report  a  first-quarter  loss  that’s 
larger  than  Wall  Street  analysts 
had  forecast  as  a  result  of  “in¬ 
tense”  competition.  The  loss  will 
trigger  a  $1.05  billion  tax  charge, 
which  Sun  is  applying  to  the  re¬ 
sults  for  the  fourth  quarter  of  its 
latest  fiscal  year,  leaving  it  with  a 
loss  of  $1.04  billion  for  that  peri¬ 
od.  Sun  said  the  loss  in  its  first 
quarter,  which  ended  Sept.  28, 
could  reach  $325  million. 


Best  Buy,  EDS  Sign 
Help  Desk  Contract 

Electronics  retailer  Best  Buy  Co. 
said  it  has  signed  a  five-year  con¬ 
tract  to  outsource  help  desk  and 
IT  problem  management  opera¬ 
tions  for  its  stores  and  corporate 
offices  to  Electronic  Data  Sys¬ 
tems  Corp.  in  Plano,  Texas.  The 
value  of  the  deal  wasn’t  disclosed. 
EDS  said  it  will  initially  provide 
help  desk  services  to  Minneapo¬ 
lis-based  Best  Buy  from  a  facility 
in  Winnipeg,  Manitoba. 


Verizon  Offers  to 
Buy  Out  Managers 

New  York-based  Verizon  Commu¬ 
nications  said  it’s  offering  a  vol¬ 
untary  buyout  deal  to  virtually  all 
of  its  74,000  management  work¬ 
ers,  including  9,300  people  in  IT. 
A  Verizon  spokeswoman  predict¬ 
ed  that  several  thousand  employ¬ 
ees  will  accept  the  offer,  which 
was  announced  one  week  after 
the  company  lowered  its  financial 
results  forecast. 

Short  fakes 

IBM  said  it  has  signed  a  10-year, 
$2.5S  billion  outsourcing  deal 
with  NGRDEA  AB,  a  Stockholm- 
based  bank.  About  900  of 
Nordea’s  2,900  IT  workers  will 
be  shifted  to  an  IBM-run  joint 
venture. . . .  AGILE  SOFTWARE 
CORP.  has  bought  TRADEC  INC., 
a  maker  of  manufacturing  cost 
management  tools.  Both  compa¬ 
nies  are  based  in  San  Jose. 


MARK  HALL  ■  ON  THE  MARK 


Keeping  Users  Off-line 
Is  the  Way  to  Secure . . . 

. . .  your  network,  jokes  Stacey  Lum  of  InfoExpress  Inc.  in  Mountain 
View,  Calif.  While  noting  the  impracticality  of  the  idea,  the  CEO  of  the 
10-year-old  boutique  security  vendor  does  get  his  hackles  up  because 
companies  seldom  enforce  the  few  security  policies  for  which  end 
users  are  responsible,  such  as  having  remote  workers  install  patches 
and  upgrades  to  their  laptops.  “Where’s  the  enforcement?”  he  won¬ 
ders.  “Good  workers  don’t  get  fired  for  not  being  in  compliance  with  corpo¬ 
rate  security  policies.”  He  says  “nagware,”  those  pesky  automated  mes¬ 


sages  that  urge  users  to  update  their  soft¬ 
ware,  doesn’t  work.  That  means  it  falls  to 
IT  departments  to  stop  end  users  from 
contaminating  their  comrades  with 
viruses  and  worms.  One  way  to  do  that  is 
to  install  technology  that  can  evaluate 
the  compliance  of  a  remote  device  before 
permitting  it  on  the  network.  Another 
way  is  to  very  publicly  terminate  the  next  fool 
who  repeatedly  lobs  the  inevitable 
Blaster  equivalent  into  your  environ¬ 
ment.  More  fun,  too.  ■  Less  work  for  you 
is  possible  in  the  struggle 
to  secure  your  network  while 
still  keeping  your  job.  Auto¬ 
mated  patch  management 
can  be  the  ticket.  One 
vendor’s  offering  is  get¬ 
ting  a  face-lift  today. 

Boston-based  Manage- 
Soft  Corp.  is  releasing 
Security  Patch  Manage¬ 
ment  Version  6.6  with  im¬ 
proved  reporting,  policy- 
based  “push”  updating 
and  continuous  monitor¬ 
ing  of  the  Microsoft  secu¬ 
rity  patch  site,  with  selec¬ 


tive  download  options.  A  best  practice, 
suggests  CEO  Walter  Elliott,  is  to  use 
ManageSoft  to  establish  a  subset  of  ma¬ 
chines  to  run  the  patch  before  it’s  de¬ 
ployed  broadly.  Also  beginning  today,  the 
company’s  ManageSoft  suite  can  deploy 
and  update  software  on  Linux  systems.  Ex¬ 
pect  to  see  versions  for  Sun’s  Solaris, 
IBM’s  AIX  and  HP-UX  before  New  Year’s 
Eve.  ■  Let’s  say  you’re  thinking  about  se¬ 
curity  compliance,  and  your  business  is 
in  an  industry  with  strict  privacy  regula¬ 
tions,  such  as  the  med¬ 
ical  and  financial  sec¬ 
tors.  You  may  be  respon¬ 
sible  for  securing  e-mail 
between  doctors  and 
their  patients,  or  finan¬ 
cial  advisers  and  their 
clients  —  even  if  the  latter 
users  don’t  have  secure  sys¬ 
tems.  According  to  Terry 
Olkin,  chief  technology 
officer  at  Secure  Data 
in  Motion  Inc.  (better 
known  as  Sigaba),  a  strict 
reading  of  the  rules 
means  that  if  a  doctor 


Conduct  Business 


Next  week,  Commerce  One 

Inc.  will  ship  Conductor  6.5, 
its  process  automation  appli¬ 
cation  for  procurement  man¬ 
agement.  The  upgrade  now 
has  more  than  70  standard 
business  documents,  such  as 
invoices  and  purchase  orders. 
It  has  also  more  than  doubled 
to  200  the  number  of  adapt¬ 
ers  for  vertical  market 
applications. 


responds  to  a  query  from  a  patient  via  e- 
mail  and  the  patient  replies,  that  patient’s 
message  now  has  to  meet  HIPAA  privacy 
standards.  With  the  San  Mateo,  Calif., 
vendor’s  release  tomorrow  of  Version  4.0 
of  its  Sigaba  Secure  E-mail  software,  both 
parties  can  be  encrypted  through  the 
product’s  Send  Anywhere  feature.  The 
upgrade  also  includes  federated  authentica¬ 
tion,  so  single  sign-on  is  possible  for  users 
within  trusted  organizations.  Prices  start 
at  around  $50,000.  ■  Not  all  network 
problems  are  security-related.  Some¬ 
times  your  applications  are  acting  flaky. 
But  how  do  you  really  know?  Perhaps  if 
you  used  today’s  release  of  ClearSight 
Analyzer  3.0,  you  could  see  what  was  going 
on  -  literally.  Like  a  complete  video  ex¬ 
change  of  a  video/voice-over-IP  conversa¬ 
tion.  If  the  users  experience  jitter,  so 
does  the  network  analyst.  No  more  need 
to  delve  into  arcane  packet  analysis.  Of 
course,  the  product  lets  you  easily  get  to 
the  packet  details,  but  you  probably 
won’t  need  to,  since  the  problems  are  much 
more  obvious  to  behold.  And  it’s  not  just 
VoIP.  The  behavior  of  applications  such 
as  Domain  Name  System  operations,  Or¬ 
acle  databases,  Web  servers  and  much 
more  can  be  observed.  San  Mateo-based 
ClearSight  Networks  Inc.’s  software  sells 
for  $7,995.  Bargain  shoppers  can  get  it  for 
$5,995  through  December.  If  you  wait  a 
month,  you  can  buy  a  version  that  moni¬ 
tors  full-duplex  10/100  Ethernets  and  one 
that  oversees  Gigabit  Ethernet.  By  the 
end  of  the  quarter,  there  will  be  a  version 
for  monitoring  remote  sites.  ■  Take  note: 
Two  key  vendor  barometers  in  the  shift 
away  from  licensed  software  hit  mile¬ 
stones  in  September.  Application  service 
provider  Surebridge  Inc.  passed  the  $100 
million  mark  in  booked  business,  and  on- 
line-only  CRM  supplier  Salesforce.com 
signed  up  its  100,000th  user.  Many  small¬ 
er  ASPs  are  also  thriving.  Maybe  the  dot 
didn’t  bomb  after  all.  O  41820 


Marimba  Upgrades  Tool  to  Track  App  Use 


BY  MATT  HAMBLEN 

Marimba  Inc.  today  will  an¬ 
nounce  an  upgraded  applica¬ 
tion-tracking  tool  that  can 
measure  how  often  end  users 
run  the  programs  installed  on 
their  systems.  Like  similar 
products  from  rival  vendors, 
the  beefed-up  tool  is  designed 
to  help  IT  managers  reduce 
corporate  licensing  costs. 

The  Software  Usage  Solution 
6.0  release  will  extend  the  tool’s 
capabilities  for  tracking  appli¬ 
cation  inventories  to  include 
the  automated  collection  of 


usage  details,  such  as  the 
last  time  an  application  was 
opened  and  how  frequently  it 
is  used,  said  Kelly  Wagman,  a 
senior  product  marketing  man¬ 
ager  at  Marimba  in  Mountain 
View,  Calif.  IT  managers  can 
use  the  data  to  decide  whether 
to  buy  more  software  licenses, 
harvest  unused  applications 
for  other  end  users  or  cancel 
unneeded  licenses,  she  said. 

Scotia  Miller,  regional  man¬ 
ager  of  desktop  architecture  at 
Barclays  Global  Investors  in 
San  Francisco,  said  the  invest¬ 


ment  management  firm  urged 
Marimba  to  develop  the  abili¬ 
ty  to  track  application  use  af¬ 
ter  using  the  vendor’s  soft¬ 
ware  distribution  tools. 

Miller  has  been  using  a  pre¬ 
release  version  of  the  product 
for  about  six  months  to  track 
the  use  of  40  applications.  She 
said  Marimba’s  software  de¬ 
tected  about  1,100  unused  li¬ 
censes  in  a  three-month  peri¬ 
od.  About  half  of  the  end  users 
who  weren’t  using  programs 
said  they  didn’t  need  them. 

“The  cost  of  software  is  the 


driver  behind  this  initiative,” 
Miller  said.  “With  license 
monitoring  on  the  increase  by 
outside  groups,  our  CIO  also 
doesn’t  want  to  pay  the  Fines 
for  unauthorized  use.” 

Barclays  has  configured  the 
tool  to  detect  applications  that 
haven’t  been  used  for  35  days 
and  to  automatically  send 
e-mail  messages  to  end  users 
asking  if  they  want  to  give  up 
their  licenses.  The  35-day  limit 
was  chosen  to  give  workers  on 
long  vacations  or  business 
trips  a  reasonable  amount  of 
time  in  which  to  use  applica¬ 
tions,  Miller  said.  C*  41825 
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Iron  Mountain  Service  Assesses 
E-mail  Retention  Policies, 


Targets  financial 
firms  facing  need 
to  meet  SEC  rules 

BY  LUCAS  MEARIAN 

RON  MOUNTAIN  INC.  last 
week  announced  a  con¬ 
sulting  service  aimed  at 
helping  financial  services 
firms  comply  with  increasing 
pressure  from  regulatory  agen¬ 
cies  to  store  internal  and  exter¬ 
nal  electronic  correspondence. 

Boston-based  Iron  Moun¬ 
tain  said  its  Records  Manage¬ 
ment  Program  Gap  Analysis 
service  can  gauge  a  company’s 
retention  approaches  and  rec¬ 
ommend  changes,  including 
the  addition  of  e-mail  archiv¬ 
ing  and  search  capabilities 
that  can  be  outsourced  or  de¬ 
veloped  in-house. 

David  Young,  director  of 
business  systems  at  the  Com¬ 
mon  Fund  for  Nonprofit  Orga¬ 
nizations,  a  broker/dealer  in 
Wilton,  Conn.,  uses  a  message 
archiving  and  search  service 
for  Microsoft  Exchange  sys¬ 
tems  that  Iron  Mountain  an¬ 
nounced  in  January.  Young 
said  he  signed  up  for  the  ser¬ 
vice  because  of  regulatory 
pressures  and  an  increased 
threat  of  litigation. 

Following  the  Rules 

The  U.S.  Securities  and  Ex¬ 
change  Commission  requires 
Financial  services  firms  to 
store  all  e-mail  traffic  in  its 
original  form  for  at  least  three 
years  and  to  make  those  com¬ 
munications  “accessible”  for 
the  first  two  years.  The  Na¬ 
tional  Association  of  Securi¬ 
ties  Dealers  Inc.  also  has  rules 


Correction 

in  our  Sept.  29  Reid  Report  titled 
"Growing  into  a  Data  Center,"  the 
name  of  the  CEO  of  Occupational 
Health  ♦  Rehabilitation  Inc.  was 
misspelled.  His  name  is  John 
Garbarino. 


that  require  brokerages  to 
monitor  and  store  communi¬ 
cations  with  their  clients. 

Young  said  that  trying  to 
comply  with  the  message  re¬ 
tention  rules  on  your  own  can 
become  “an  administrative 
nightmare”  for  IT  managers. 
“You’ve  got  boxes  [of  paper 
documents]  to  deal  with,  opti¬ 
cal  storage  to  deal  with,  you 
need  additional  IT  support  for 
disaster  recovery,  and  you  need 
to  make  sure  your  servers  are 
up  and  on  the  network,”  he  said. 

Brian  Babineau,  an  analyst  at 
Enterprise  Storage  Group  Inc. 
in  Milford,  Mass.,  said  a  cot¬ 
tage  industry  has  grown  up 
around  regulatory  compliance 
within  the  Financial  services 
market.  But  he  cautioned  that 


BY  LUCAS  MEARIAN 

EMC  Corp.  announced  last 
week  a  pair  of  network- 
attached  storage  (NAS)  devices 
that  connect  to  its  midrange 
Clariion  disk  arrays  for  inte¬ 
gration  with  systems  on  stor¬ 
age-area  networks  (SAN). 

The  Hopkinton,  Mass.- 
based  company  also  intro¬ 
duced  an  entry-level  version 
of  its  Celerra  NS600  NAS  file 
server  with  a  built-in  Clariion 
array.  In  addition,  EMC  said 
all  of  its  NAS  products  now 
can  support  a  mix  of  low-cost 
ATA  and  high-end  Fibre  Chan¬ 
nel  disk  drives.  The  rollout 
continues  EMC’s  strategy  of 
targeting  the  midrange  market 
with  hardware  that  supports 
high-end  functionality,  such  as 
support  for  making  point-in- 
time  copies  of  data. 

EMC  said  the  new  NS600S 


outsourcing  isn’t  always  the 
right  answer,  although  it’s  of¬ 
ten  the  smart  one  for  small  to 
midsize  businesses. 

Babineau  said  CIOs  and  cor¬ 
porate  attorneys  need  to  work 
together  to  fully 
understand  the 
message-retention 
rules  and  then  de¬ 
termine  whether 
their  companies 
face  compliance 
risks.  He  added 
that  even  large  Wall  Street 
brokerages  with  sufficient  IT 
resources  have  to  be  careful  to 
ensure  that  acquired  compa¬ 
nies  are  compliant. 

“It’s  not  the  e-mails  created 
two  months  ago  you  have  to 
worry  about  as  much  as  the 


file  server  includes  a  single 
data  engine  and  starts  at 
$114,000  for  a  model  with  1TB 
of  storage  capacity.  In  compar¬ 
ison,  it  charges  $167,000  for  a 
1TB  version  of  the  original 
NS600  system,  which  includes 
two  engines.  Meanwhile,  the 
NS600GS  and  NS600G  NAS- 
to-SAN  gateway  devices  both 
have  starting  prices  of  less 
than  $100,000  (see  box). 

Dave  Johnson,  director  of  IT 
at  Chicago-based  accounting 
and  auditing  firm  Grant 
Thornton  Inc.,  said  EMC  ap¬ 
pears  to  be  trying  to  fill  out  its 
midrange  product  line. 

But  Johnson  added  that  he 
isn’t  interested  in  using  his 
five  Clariion  arrays,  which  are 
installed  at  four  regional  of¬ 
fices  and  Grant  Thornton’s 
corporate  data  center,  to  sup¬ 
port  file  server  functions.  He 


e-mail  created  two  years  ago 
when  you  brought  [the  new 
company]  on  board,”  he  said. 

Iron  Mountain’s  e-mail 
archiving  service  uses  EMC 
Corp.’s  Centera  disk  arrays 
and  mailbox  man¬ 
agement,  regulato¬ 
ry  compliance  and 
content  searching 
software  from  Ar¬ 
lington,  Texas- 
based  KVS  Inc.  But 
Iron  Mountain  offi¬ 
cials  said  IT  managers  can  use 
the  gap  analysis  offering  sepa¬ 
rately  to  help  prepare  for  the 
development  or  upgrade  of  in- 
house  archives. 

Charles  Bennett,  director 
of  compliance  at  Hornor, 
Townsend  and  Kent  Inc.,  the 


said  it’s  far  cheaper  to  use  a 
clustered  pair  of  Hewlett- 
Packard  Co.  ProLiant  DL580 
servers  at  each  of  the  firm’s  51 
branch  offices  nationwide  to 
handle  network  authentication 
functions  as  well  as  file  and 
print  services. 

Steve  Kenniston,  an  analyst 
at  Enterprise  Storage  Group 
Inc.  in  Milford,  Mass.,  said 
EMC’s  new  gateway  devices 

EMC’s  New 
NAS  |evices 

■  NS600GS:  Single-engine 
gateway  device  that  uses  external 
Clariion  disk  arrays  to  store  data. 
Starts  at  $63,000. 

■  NS600G:  Dual-engine  version 
of  the  gateway  product.  Starts 

at  $97,000. 

■  NS600S:  Entry-level  file  serv¬ 
er  with  one  data  mover  and  a 
built-in  array.  Starts  at  $114,000  in 
a  1TB  configuration. 


EMC  Releases  NAS  Devices 
Tied  to  Its  Midrange  Arrays 

Gateway  products  support  integration 
of  network-attached  storage,  SANs 


FINANCIAL  FOCUS 

For  more  coverage  of  IT 
issues  affecting  the  financial 
services  industry,  go  to: 

O  QuickLink  a3670 
www.computerworld.com 


Iron  Mountain’s 
Message  Retention 
Analysis  Service 

fS  development  of 
consistent  retention  and  docu¬ 
ment-destruction  policies, 

a  universal  index 
system  to  allow  keyword 
searches  of  e-mail  subject 
lines  and  content. 

PRC  IDE  regulatory  compli¬ 
ance  education  and  training  for 
end  users  within  subscribing 
companies. 


broker/dealer  division  of  Penn 
Mutual  Life  Insurance  Co.  in 
Horsham,  Pa.,  said  the  compa¬ 
ny’s  16,000  sales  representa¬ 
tives  can  generate  as  many  as 
12,000  e-mail  messages  a  day. 
Bennett  added  that  he  plans  to 
begin  using  Iron  Mountain’s 
Web-based  archiving  service 
this  month.  ©  41816 


are  an  attempt  to  gain  a  foot¬ 
hold  against  more  established 
NAS  vendors,  such  as  HP  and 
Network  Appliance  Inc.  EMC 
is  “rounding  out  the  whole 
message  in  the  midtier  range,” 
Kenniston  said. 

EMC  said  the  new  support 
for  ATA  disk  drives  will  let 
Celerra  users  rely  on  the  low¬ 
er-cost  devices  for  data  back¬ 
up  purposes  while  still  using 
Fibre  Channel  disks  for  prima¬ 
ry  data  storage. 

In  addition,  EMC  released  a 
low-end  NAS  device  that 
matches  its  Clariion  CX200 
disk  array  with  Microsoft 
Corp.’s  Windows  Powered 
NAS  software.  The  NetWin 
200  product,  which  was  an¬ 
nounced  in  May  [QuickLink 
38213],  can  scale  from  500GB 
to  4.4TB  in  storage  capacity 
and  starts  at  $32,000. 

The  NetWin  200  is  the 
First  EMC  product  that  uses 
Microsoft’s  NAS  software,  and 
it’s  designed  to  help  IT  man¬ 
agers  consolidate  data  backups 
of  low-end  Windows  servers. 
“Customers,  especially  Dell 
clients  who’ve  been  waiting  to 
do  data  management  better, 
have  been  looking  forward  to 
this,”  Kenniston  said.  ©  41821 
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IBM  Acquires  App 
Porting  Business 

IBM  said  it  has  acquired  an  appli¬ 
cation  porting  services  business 
focused  on  its  Linux  and  Unix 
servers  from  Austin-based  Sec¬ 
tor?  USA  Inc.  for  an  undisclosed 
price.  The  deal  included  most  of 
Sector7’s  assets  and  the  intellec¬ 
tual  property  for  its  tools,  which 
support  the  migration  of  applica¬ 
tions  to  IBM’s  servers.  IBM  also 
said  it  will  hire  Sector7  employ¬ 
ees  to  work  in  its  IT  services  unit. 


Microsoft  Agrees 
To  Settle  Lawsuit 

Microsoft  Corp.  said  it  has  agreed 
to  pay  a  total  of  about  $10.5  mil¬ 
lion  to  settle  a  class-action  anti¬ 
trust  lawsuit  involving  users  that 
bought  Windows  directly  from  the 
company.  The  settlement  deal 
needs  to  be  approved  by  a  U.S. 
District  Court  judge  in  Baltimore 
before  it  becomes  effective.  The 
plaintiffs  had  sought  to  include  a 
much  larger  group  of  users  in  the 
suit,  but  court  rulings  narrowed 
the  scope  of  the  case. 


Nortel,  Solectron 
Alter  Product  Deal 

Nortel  Networks  Ltd.  and  Solec¬ 
tron  Corp.  said  they  have  revised 
a  3-year-old  contract  under 
which  Milpitas,  Calif.-based 
Solectron  manufactures  products 
for  Brampton,  Ontario-based  Nor¬ 
tel.  The  deal,  which  was  due  to 
expire  next  year,  was  extended  to 
2009.  But  the  companies  sharply 
reduced  its  projected  value  to 
$7.5  billion.  The  initial  contract 
was  for  $10.4  billion. 


Short  Takes 

CASSATT  CORP.,  a  Menlo  Park, 
Calif.-based  start-up  headed  by 
former  BEA  Systems  Inc.  CEO  Bill 
Coleman,  plans  to  offer  a  set  of 
autonomic  computing  tools. . . . 
THE  0PENS5L  PROJECT  said  it 
has  patched  three  security  holes 
in  its  oaen-source  version  of  the 
Secure  Sockets  Layer  protocol. 
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Laws,  Concern  for  Corporate 
Image  Make  Privacy  a  Priority 


Failure  to  keep  data  private  could  put 
companies  in  jeopardy  on  several  fronts 


BY  JAIKUMAR  VIJAYAN 

COLUMBUS,  OHIO 

egulatory  require¬ 
ments  and  the  need 
to  protect  corporate 
reputations  are  mak¬ 
ing  it  crucial  for  companies  to 
implement  comprehensive 
data  privacy  programs,  said 
users  at  the  PrivacyCon  2003 
conference  here  last  week. 

A  failure  to  do  so  will  even¬ 
tually  expose  them  to  legal 
risks,  hinder  their  ability  to  do 
business  in  certain  parts  of  the 
world  and  jeopardize  trusted 
relationships  with  customers, 
they  added. 

“Privacy  laws  are  having  a 
huge  impact”  on  companies, 
said  Jay  Cline,  privacy  manager 
at  Carlson  Companies  Inc.,  a 
Minneapolis-based  group  of 
businesses  in  the  travel,  hospi¬ 
tality  and  marketing  industries. 

Carlson,  which  until  late 
2000  had  no  formal  privacy 
program,  is  rolling  out  a  global 
effort  aimed  at  getting  its  busi¬ 
ness  units  to  comply  with  a 
patchwork  of  state,  federal  and 
international  requirements, 
Cline  said. 

A  Corporate  Value 

Companies  will  need  to  “ad¬ 
vance  privacy  as  a  corporate 
value,”  said  Kevin  Lyles,  a 
Columbus-based  attorney  at 
international  law  firm  Jones 
Day  LLC.  “If  you  don’t  have  a 
privacy  program,  you  have  le¬ 
gal  exposure.  Fines  and  penal¬ 
ties  are  going  to  be  much 
higher”  for  noncompliance,  he 
said.  A  company’s  perceived 
stance  toward  privacy  will 
also  have  an  impact  on  share¬ 
holder  value,  he  added. 

A  recent  controversy  in¬ 
volving  JetBlue  Airways 
Corp.’s  release  of  passenger 
information  to  a  private  con¬ 
tractor  is  an  example  of  the 
kind  of  reputation  damage 


companies  risk  from  privacy- 
related  failures,  said  Peter 
Cullen,  chief  privacy  strategist 
at  Microsoft  Corp. 

The  incident  involved  Jet¬ 
Blue  providing  passenger  in¬ 
formation  to  a  Department  of 
Defense  contractor,  which 
used  the  data  for  a  project  re¬ 
lated  to  military-base  security. 

“JetBlue  is  a  company  that 
probably  wishes  it  had  done 
things  differently,”  Cullen  said 
during  a  keynote  address. 

A  JetBlue  spokesman  of¬ 
fered  no  comment,  saying  that 
it  was  still  too  soon  after  the 
incident  to  be  able  to  say  what 
lessons  have  been  learned 
from  the  episode. 

Establishing  a  privacy  pro¬ 
gram  is  more  complex  than 
just  meeting  regulatory  re¬ 
quirements,  said  Keith  Herath, 
chief  privacy  officer  at  Nation¬ 
wide  Mutual  Insurance  Co.  in 
Columbus.  “Legal  require¬ 
ments  are  only  the  minimum. 
Most  laws  are  a  compromise 
to  the  lowest  common  denom¬ 
inator,”  Herath  said. 


COLUMBUS,  OHIO 

Microsoft  Corp.  is  determined  to 
incorporate  better  privacy  safe¬ 
guards  into  its  products  and 
practices,  according  to  its  chief 
privacy  strategist,  Peter  Cullen. 

Addressing  a  group  of  privacy 
professionals  at  the  PrivacyCon 
2003  conference  here  last 
week,  Cullen  said  Microsoft  is 
focused  on  giving  users  more 
choice  and  control  over  the 
manner  in  which  information  is 
collected  and  used. 

To  that  end,  Microsoft  has  im¬ 
plemented  a  privacy  program  to 
create  a  high  level  of  awareness 
relating  to  privacy  issues  in  the 


Privacy  Guidelines 


Key  concepts  behind 
building  a  global  privacy 
program  include  the  following: 

■  Focus  on  business  drivers 

rather  than  regulatory  drivers. 


■  Establish  good  faith  efforts 
and  documentation  for  demon¬ 
strating  compliance. 


■  Integrate  the  privacy  pro¬ 
gram  into  existing  organizational 
and  reporting  structure. 


Sometimes  companies  have 
to  accommodate  higher  stan¬ 
dards  to  ensure  that  a  consis¬ 
tent  policy  is  applied  to  all 
customers,  users  said. 

For  instance,  prior  to  the 
Gramm-Leach-Bliley  Act,  Na¬ 
tionwide  had  to  comply  with  a 
law  in  15  states  that  required  it 
to  provide  to  customers  cer¬ 
tain  rights  of  access  to  person¬ 
al  data  —  and  the  means  to 
correct  any  inaccurate  data. 
Though  the  act  doesn’t  re¬ 
quire  Nationwide  to  take  the 
same  measures  in  the  other  35 
states,  the  insurer  has  begun 
doing  so  anyway,  Herath  said. 


product  design  stage.  The  Mi¬ 
crosoft  Windows  group  alone 
has  125  employees  with  privacy- 
related  responsibilities  and  five 
privacy  managers  focused  on 
ensuring  that  each  of  the  com¬ 
ponents  that  goes  into  the  Win¬ 
dows  operating  system  has  been 
“thought  through  from  a  privacy 
perspective,”  he  said.  This  in¬ 
cludes  looking  at  how  each 
component  collects,  stores  and 
uses  data,  he  said. 

The  company  is  also  focused 
on  giving  users  more  choices 
and  control  over  their  informa¬ 
tion,  he  said.  As  an  example,  he 
cited  the  user  consent  that's  re- 


“We  felt  that  it  made  no  sense 
to  offer  it  in  15  states  and 
nowhere  else,”  he  said. 

But  implementing  a  consis¬ 
tent  global  privacy  program 
can  be  a  huge  challenge,  said 
Scott  Shipman,  chief  privacy 
officer  at  eBay  Inc. 

As  a  company  with  opera¬ 
tions  in  several  countries, 

San  Jose-based  eBay  is  forced 
to  deal  with  various  cross- 
border  data  transfer  and  re¬ 
tention  requirements,  con¬ 
sumer  consent  models,  re¬ 
porting  requirements  and  en¬ 
forcement  issues. 

New  state-level  privacy  reg¬ 
ulations  such  as  those  being 
proposed  in  California  [Quick- 
Link  41325]  add  to  the  prob¬ 
lem,  Shipman  said. 

But  multinational  compa¬ 
nies  are  going  to  have  few  op¬ 
tions  but  to  comply,  Lyles  said. 

“The  data  protection  direc¬ 
tives  in  Europe  are  forcing 
companies  to  take  privacy 
seriously,”  Lyles  said.  The  real 
concern  today  for  a  lot  of 
companies  is  that  enforcement 
of  European  laws  could  well 
force  them  to  stop  the  flow  of 
data  to  and  from  that  region, 
he  added.  ©  41835 


quired  to  send  error  reports  to 
Microsoft  via  the  Internet  when 
an  application  crashes. 

Microsoft  is  also  working 
on  a  new  security  technology 
called  the  Next-Generation  Se¬ 
cure  Computing  Base  that  will 
allow  users  to  secure  confiden¬ 
tial  data  within  a  “virtual  vault” 
in  a  PC.  The  technology  will  al¬ 
low  users  to  store  confidential 
information  in  a  separate  loca¬ 
tion  on  a  PC  and  control  appli¬ 
cation  access  to  that  data.  It  will 
also  allow  users  to  control  who 
can  see  that  data  during  data 
transmission. 

-  Jaikumar  Vijayan 


Microsoft  Exec  Says  Privacy  a  Top  Concern  at  Company 
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WLAN  Threat 


was  unaware  of  the  Aug.  7 
warning  until  he  was  contact¬ 
ed  by  Computerworld. 

Sharp  has  a  network  of  8,000 
computers  spread  across  seven 
hospitals,  six  urgent-care  cen¬ 
ters  and  three  affiliated  med¬ 
ical  groups.  It  uses  both  wired 
and  wireless  Cisco  equipment, 
including  about  200  WLAN 
access  points.  Wiesenberg 
said  Sharp  has  always  viewed 
LEAP  as  a  transitional  proto¬ 
col  for  use  until  the  802.11i 
wireless  security  standard  is 
finalized.  Now  he  plans  to  ex¬ 
plore  alternatives  to  LEAP. 

Mike  Martell,  systems  man¬ 
ager  at  The  Dingley  Press,  a 
Lisbon,  Maine-based  catalog 
printer  that  uses  a  Cisco 
WLAN  in  its  warehouse,  also 
said  he  didn’t  know  about  the 
potential  problem  with  LEAP 
until  last  week.  But  Martell, 
whose  company  is  featured  in 
a  customer  profile  on  Cisco’s 
Web  site,  said  he  wasn’t  sur¬ 
prised  to  hear  that  the  security 
technology  could  be  overcome 
by  a  dictionary  attack. 

Massive  Assaults 

Such  attacks  assault  password 
protection  schemes  by  feeding 
huge  amounts  of  words  and 
numbers  into  a  targeted  sys¬ 
tem.  Thanks  to  increases  in 
processing  power,  some  dic¬ 
tionary  attacks  can  crack  pass¬ 
words  in  a  matter  of  minutes, 
Martell  said.  He  said  users 
should  use  long  passwords 
with  odd  combinations  of  let¬ 
ters  and  numbers. 

Cisco  made  similar  recom¬ 
mendations  in  the  Aug.  7  warn¬ 
ing,  saying  that  IT  managers 
can  reduce  the  impact  of  dic¬ 
tionary  attacks  by  mandating 
the  use  of  “strong  passwords” 
and  ones  that  become  invalid 
after  a  specified  time  period. 

Ron  Seide,  product  line 
manager  at  Cisco’s  wireless 
business  unit,  last  week  said 
his  company  believes  LEAP  is 
“relatively”  secure  if  users  fol¬ 
low  good  password  manage¬ 
ment  approaches.  He  added 
that  Cisco  also  offers  an  up¬ 
grade  path  to  help  customers 
migrate  from  LEAP  to  its 


stronger  Protected  Extensible 
Authentication  Protocol, 
which  uses  one-time  pass¬ 
words  and  digital  certificates. 

Seide  said  the  second  notice 
about  the  dictionary  attack 
threat  will  have  “more  visibil¬ 
ity”  than  the  initial  one  did. 
Cisco  will  act  “with  all  due 
haste”  to  notify  users  when  it 
learns  of  specific  plans  to  re¬ 
lease  the  attack  tool,  he  said. 
He  added  that  the  company 
will  use  multiple  methods  of 


communicating  that  to  users, 
but  he  didn’t  provide  details. 

Cisco  e-mails  security  alerts 
to  its  sales  force  as  well  as  to 
its  distributors  and  resellers, 
according  to  Seide.  But  he  said 
that  unlike  Microsoft  Corp., 
which  lets  its  users  sign  up  to 
get  e-mail  messages  contain¬ 
ing  security-related  informa¬ 
tion,  Cisco  has  no  easy  way  to 
capture  the  e-mail  addresses 
of  customers. 

The  threat  facing  LEAP- 


based  systems  was  put  under 
a  spotlight  last  week  after 
Joshua  Wright,  a  systems  engi¬ 
neer  at  Johnson  &  Wales  Uni¬ 
versity  in  Providence,  R.I., 
demonstrated  a  dictionary  at¬ 
tack  against  the  Cisco  technol¬ 
ogy  at  a  conference  in  New 
York  sponsored  by  Light 
Reading  Inc.  Wright  couldn’t 
be  reached  for  comment.  But 
according  to  sources  who 
were  in  the  audience,  Wright 
said  he  planned  to  make  the 


tool  he  used  publicly  available 
within  a  couple  of  months. 

The  University  of  British 
Columbia  in  Vancouver  runs  a 
WLAN  with  about  1,200  Cisco 
access  points.  Jonn  Martell, 
who  manages  the  WLAN,  said 
the  school  decided  to  use  vir¬ 
tual  private  network  technol¬ 
ogy  instead  of  LEAP  because 
of  concerns  about  dictionary 
attacks.  Password-based  sys¬ 
tems  are  “fundamentally  not 
the  answer,”  he  said.  ©  41843 


Continued  from  page  1 

Pentagon 

cations  thus  far  by  an  order  of 
magnitude,  said  Bruce  Triner, 
director  of  defense  special 
programs  at  the  Pleasanton, 
Calif.-based  vendor.  It’s  also 
expected  to  be  the  first  rollout 
by  any  user  of  the  PeopleSoft 
8.8  global  payroll  module,  ac¬ 
cording  to  Carpenter. 

But  progress  has  been  slow, 
even  though  the  DOD’s  plan 
from  the  start  was  to  configure 
the  system  so  it  would  be  in 
line  with  private-sector  HR 
procedures  and  require  a  mini¬ 
mal  amount  of  software  cus¬ 
tomization.  “We’d  rather  not 
reinvent  the  wheel  and  rewrite 
code,”  Carpenter  said.  “We’re 
looking  for  PeopleSoft  to  be 
installed  as  much  out  of  the 
box  as  possible.” 

PeopleSoft’s  applications 
were  picked  over  rival  prod¬ 
ucts  because  IT  officials  at  the 
Pentagon  felt  they  would  most 
closely  support  its  needs,  she 
added.  But  after  the  selection 
was  made,  the  DOD  did  what 
it  described  as  an  “extensive 
fit-gap  analysis”  to  further  in¬ 
vestigate  how  well  the  soft¬ 
ware  met  its  requirements. 

The  DOD  had  planned  to 


have  part  of  the  system  in 
place  by  last  fall,  but  Carpen¬ 
ter  said  the  process  of  review¬ 
ing  the  prime  contractor  bids 
submitted  by  Northrop  Grum¬ 
man  and  other  systems  inte¬ 
grators  took  longer  than  ex¬ 
pected  because  of  the  detailed 
nature  of  their  proposals. 

“I  don’t  think  anybody  could 
have  predicted  the  length  of 
the  [prime  contractor]  acqui¬ 
sition  period,”  said  Jon  Jensen, 
a  Northrop  Grumman  execu¬ 
tive  who  led  the  Los  Angeles- 
based  company’s  effort  to  win 
the  contract.  “It  was  probably 
a  disappointment  for  a  lot  of 
folks  in  terms  of  time  frame.” 
Jensen  works  at  Northrop 
Grumman  Information  Tech¬ 
nology,  the  Herndon,  Va.- 
based  operation  that  will  man¬ 
age  the  DIMHRS  project. 

Breaking  It  Down 

Carpenter  said  that  because 
of  the  project’s  uniqueness 
and  complexity,  military  offi¬ 
cials  made  the  decision  to 
separate  development  into 
two  phases,  the  first  of  which 
involved  the  five  systems  inte¬ 
grators  that  were  competing 
for  the  prime  contractor’s  job. 
In  September  2002,  the  Penta¬ 
gon  gave  the  companies  small 
contracts  to  develop  docu¬ 


mentation  and  recommended 
system  specifications. 

The  companies  in  Decem¬ 
ber  submitted  implementation 
plans  that  weighed  a  com¬ 
bined  total  of  4,800  pounds, 
Carpenter  said.  Last  week’s 
choice  of  Northrop  Grumman 
to  manage  the  rollout  signals 
the  actual  start  of  work  on  the 
system,  which  marks  the  be¬ 
ginning  of  Phase  2. 

But  Northrop  Grumman 
still  needs  to  finalize  the  tech¬ 
nical  design  and  a  detailed 
rollout  schedule,  both  of 
which  are  due  within  the  next 
six  months.  The  DOD  hopes 
to  get  the  U.S.  Army  online 
with  DIMHRS  by  November 
2005  and  then  add  the  other 
military  branches  over  the  fol¬ 
lowing  24  months. 

“It’s  not  rocket  science,  but 
it’s  not  as  easy  as  it  looks  at 
first  blush,”  Carpenter  said. 

Ray  Bjorklund,  an  analyst 
at  consulting  firm  Federal 
Sources  Inc.  in  McLean,  Va., 
predicted  that  the  project’s  to¬ 
tal  cost  could  reach  $500  mil¬ 
lion  if  administrative  expenses 
and  ongoing  maintenance  fees 
on  some  of  the  DOD’s  legacy 
systems  are  included.  Penta¬ 
gon  officials  declined  to  com¬ 
ment  about  his  estimate. 

Work  on  the  project  will 
be  centered  at  a  DOD  IT  facil¬ 
ity  in  New  Orleans.  The  Pen¬ 
tagon  plans  to  run  the  People- 
Soft  applications  on  IBM  Unix 
servers  and  link  them  to  a  sin¬ 
gle  logical  database  that  will 
be  built  on  IBM’s  DB2  soft¬ 
ware  and  contain  consolidat¬ 
ed  information  about  all  mili¬ 
tary  personnel.  The  DOD  will 
also  install  backup  systems  for 
disaster  recovery  purposes, 
Carpenter  said.  ©  41815 


Impact  of  Oracle 
Bid  Downplayed 

Defense  officials  involved  in 
the  DIMHRS  project  said  they 
don't  see  Oracle  Corp.’s  hos¬ 
tile  attempt  to  acquire  People- 
Soft  as  a  big  obstacle  to  the 
Pentagon's  rollout  of  its  new 
human  resources  system. 

U.S.  Navy  Capt.  Valerie  Car¬ 
penter,  the  joint  program  man¬ 
ager  responsible  for  develop¬ 
ment  of  the  HR  system,  said 
the  takeover  bid  that  Oracle 
announced  in  June  hasn’t 
been  a  cause  of  worry  for  her. 
“The  DOD  has  a  valid  contract 
with  PeopleSoft,  and  if  they 
were  bought  out  by  Oracle,  we 
would  expect  Oracle  to  honor 
that  contract,”  she  said. 

“At  this  point,  it’s  not  con¬ 
sidered  a  viable  threat,”  said 
Jon  Jensen,  who  led  Northrop 
Grumman’s  successful  effort 
to  be  named  the  prime  con¬ 
tractor  for  the  project. 

Jensen  noted  that  the  buy¬ 
out  offer  initially  caused  wor¬ 
ries  throughout  the  IT  industry 
because  of  concerns  that  Ora¬ 
cle  would  stop  actively  selling 
PeopleSoft’s  applications.  The 
takeover  attempt  is  currently 
on  hold  while  federal  officials 
examine  its  possible  antitrust 
implications. 

Jensen  speculated  that  if 
Oracle  succeeds  in  its  quest 
to  buy  PeopleSoft,  the  Penta-  . 
gon’s  project  could  be  delayed 
or  even  reconsidered.  But,  he 
added,  “unless  something  dra¬ 
matic  happens,  we're  on  sta¬ 
ble  ground." 

-  Marc  L.  Song  ini 


The  Pentagon’s  Progress 

Key  developments  in  the  DOD’s  DIMHRS  Project: 


AUGUST  2001 

APRIL  2002 

SEPTEMBER  2002 

SEPTEMBER  2003 

The  Defense  De¬ 
partment  buys  an 
enterprisewide  li¬ 
cense  for  People- 
Soft  HR  applica¬ 
tions  for$48M. 

RFPsforthe 
software  imple¬ 
mentation  are 
issued  to  con¬ 
sulting  and  sys¬ 
tems  integra¬ 
tion  firms. 

The  DOD  gives 
five  companies  up 
to  $1M  contracts 
to  submit  updated 
implementation 
proposals. 

Northrop  Grumman 

is  awarded  a  $281 M 
contract  to  manage 
development  of  the 
system. 
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DHS  Initiates  Real-Time 
Cybersituation  Project 


Feds  look  for  immediate 
security  incident  data 

BY  DAN  VERTON 

The  U.S.  Department  of  Homeland 
Security’s  cybersecurity  division  is 
spearheading  an  aggressive  new  proj¬ 
ect  to  create  a  real-time  cybersitua- 
tion-awareness  system,  a  senior  DHS 
official  said  last  week. 

The  aim  of  the  system  is  to  provide  a 
nationwide  capability  to  conduct  in¬ 
stant  analysis  of  security  incident  data 
for  signs  of  coordinated  attacks  or  ma¬ 
jor  virus  and  worm  outbreaks. 

Sallie  McDonald,  the  senior  execu¬ 
tive  responsible  for  outreach  and 
awareness  efforts  at  the  agency,  said 
the  National  Cyber  Security  Division 
(NCSD)  of  the  DHS  is  working  with 
SRI  International,  Symantec  Corp.  and 
Computer  Associates  International  Inc. 
to  develop  a  nonproprietary  data  col¬ 
lection  system  that  will  run  on  an  auto¬ 
mated  security  extranet  and  feed  inci¬ 
dent  reports  to  the  various  Information 
Sharing  and  Analysis  Centers  (ISAC) 
operating  in  the  private  sector.  The 
ISACs  would  then  feed  the  data  to  the 
national  situation-awareness  system. 

“We  will  be  deploying  this  in  the  fed¬ 
eral  sector,  starting  at  the  U.S.  CERT 
first  so  we  can  see  in  real  time  what  is 
happening  across  the  nation,”  said  Mc¬ 
Donald.  The  DHS  announced  on  Sept. 

15  the  formation  of  a  computer  emer¬ 
gency  response  team,  U.S.-CERT,  which 
is  the  result  of  a  combined  effort  of  the 
Federal  Computer  Incident  Response 
Center  and  the  CERT  Coordination 
Center  at  Carnegie  Mellon  University. 

The  new  incident  reporting  and 
analysis  system  will  be  launched  in  De¬ 
cember  at  the  first  DHS-sponsored  Cy¬ 
ber  Security  Summit  to  be  held  in  Sili¬ 
con  Valley  at  an  undetermined  loca¬ 
tion,  said  McDonald. 

In  addition  to  the  reporting  system, 
the  DHS  plans  to  announce  a  security 
awareness  effort  targeted  at  50  million 
home  users  and  small  businesses,  and 
will  draft  a  national  cybersecurity  road 
map  that  includes  specific  milestones 
and  metrics  for  measuring  progress  in 
bolstering  security. 

According  to  testimony  provided  to 
Congress  last  month  by  Robert  Lis- 
couski,  assistant  secretary  of  homeland 
security  for  infrastructure  protection 


at  the  DHS,  the  new  situation-aware¬ 
ness  capability  will  leverage  the  data 
that’s  now  collected  by  more  than  200 
private,  public  and  university 
CERTs  within  the  U.S.  and 
feed  that  data  to  the  newly 
created  U.S.-CERT.  The  goal 
within  the  next  year  is  to  re¬ 
duce  response  times  to  any 
attack  to  an  average  of  30 
minutes,  according  to 
Liscouski. 

All  of  these  efforts  will  be 
launched  as  Amit  Yoran,  for¬ 
mer  vice  president  for  man¬ 
aged  security  services  at  Cu¬ 
pertino,  Calif.-based  Syman¬ 
tec,  joins  the  DHS  as  head  of  the 
NCSD  [QuickLink  41394],  McDonald 
and  others  praised  the  appointment  of 
Yoran,  who  also  served  as  the  former 
director  of  vulnerability  assessment 
for  the  Pentagon’s  CERT. 

However,  some  prominent  experts 
said  quietly  that,  despite  Yoran’s  expe¬ 
rience,  he  faces  an  uphill  battle  when  it 


Despite  the  government's  recent  efforts 
to  integrate  dozens  of  watch  list  databas¬ 
es,  terrorists  may  still  be  slipping  through 
numerous  cracks  in  the  nation’s  home¬ 
land  defenses  by  stealing  identities  and 
using  computers  to  create  fraudulent  trav¬ 
el  documents,  officials  told  Congress. 

Testifying  before  the  House  Select 
Committee  on  Homeland  Security  last 
week,  Ronald  D.  Malfi,  director  of  the 
General  Accounting  Office’s  Office  of 
Special  Investigations,  said  that  over  the 
past  three  years,  investigators  have  suc¬ 
ceeded  in  using  fraudulent  identities  and 
documents  created  on  home  computers 
to  do  things  like  enter  the  U.S.,  buy 
firearms  and  gain  unfettered  access  to 
government  buildings. 

“We  created  fictitious  identities  and 
counterfeit  identification  documents, 
such  as  driver’s  licenses,  birth  certificates 
and  Social  Security  cards . . .  using  inex¬ 
pensive  computer  software  and  hardware 
that  are  readily  available  to  any  purchas¬ 
er,”  said  Malfi. 

“It’s  relatively  easy  for  a  terrorist  to 
pose  as  someone  else,”  said  Rep.  Robert 
Andrews  (D-N.J.).  “And  the  impact  is  that 


comes  to  reinvigorating  the  public/ 
private  partnership,  which  they  added 
has  lost  much  of  its  momentum  as  a  re¬ 
sult  of  organizational  and  staff  changes. 

According  to  one  DHS  official,  who 
requested  anonymity,  Yoran  will  prob¬ 
ably  have  access  to  top  department 
leaders,  but  he  may  not  easily  adapt  to 
the  government’s  rigidity  and  slow 
pace.  Yoran  couldn’t  be  reached  for 
comment. 

Scott  Blake,  vice  president 
of  information  security  at 
BindView  Corp.  in  Houston, 
said  the  questions  about 
leadership  and  reporting 
structure  have  overshadowed 
the  real  issue  of  the  failure  of 
the  government’s  policy  to¬ 
ward  the  private  sector. 

“I’m  increasingly  con¬ 
vinced  that  the  carrot 
method  of  encouraging  the 
private  sector  to  practice 
good  security  isn’t  working  and  isn’t 
going  to  work,”  said  Blake.  “While 
putting  a  face  to  the  effort  [behind  the 
national  strategy]  may  help  a  little,  I 
don’t  see  the  IT  world  adopting  better 
security  without  a  stick  being  applied. 
Many  companies  are  waiting  for  case 
law  to  demonstrate  what  they  really 
have  to  do.”  ©  41837 


the  integrated  terrorist  watch  list  and  oth¬ 
er  databases  that  the  [DHS]  is  sharing 
with  other  agencies  is  ineffective  if  we're 
not  identifying  [people]." 

Delegate  Eleanor  Holmes  Norton  (D- 
D.C.),  a  self-proclaimed  “card-carrying 
civil  libertarian,”  said  the  nature  of  the  vul¬ 
nerabilities  has  led  her  and  others  to  re¬ 
think  the  issue  of  a  national  ID  card. 

However,  Keith  Kiser,  chairman  of  the 
American  Association  of  Motor  Vehicle 
Administrators,  said  a  national  ID  card  is 
unnecessary  and  would  probably  require 
IT  systems  that  are  currently  not  in  place. 
Instead,  Kiser  argued  that  the  existing  IT 
infrastructure  serving  state  motor  vehicle 
departments,  which  is  used  to  verify  iden¬ 
tities  and  issue  valid  driver’s  licenses, 
should  be  enhanced  and  standardized. 

Kiser  urged  Congress  to  support  a 
massive  IT  upgrade  tor  motor  vehicle  de¬ 
partments  that  would  include  providing  a 
uniform  system  to  verify  in  real  time  an 
applicant’s  driving  history  and  the  authen¬ 
ticity  of  documents  used  to  establish  his 
identity,  such  as  Social  Security  cards 
and  taxpayer  ID  numbers. 

-  Dan  Verton 


ID  Theft  Undermines  Integrated  Terror  Watch  Lists 
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Legendary  Reliability' 


Are  you  set  to  save  space 
and  minimize  installation 
and  maintenance  costs 
with  a  modular  manageable, 
pre-engineered  architecture? 


“If  I  had  purchased  the  incumbent 
vendor  's  3-phase  upgrade  model, 

I  would  have  paid  75%  more  in  service 
costs  over  the  next  four  years  and 
I  would  have  had  to  utilize  50%  more 
of  my  precious  floor  space. " 

Captain  Timothy  Riley 

Support  Services  Division 

City  of  Newport  Beach  Police  Department 


Many  IT  professionals  have  switched 
from  an  inflexible  proprietary  system  to 


network  critical  physical  infrastructure. 


ADVERTISEMENT 

InfraStruXure™ 
is  the  ICey  to 
Stronger  NCPI 

by  Russell  Senesac 

InfraStruXure  Product  Manager 

APC  InfraStruXure™  architecture  is  the  industry's 
new  benchmark  for  on-demand  network-critical 
physical  infrastructure  (NCPI).  The  foundation  of  IT 
networks,  NCPI  consists  of  power,  power  distribu¬ 
tion,  racks,  cabling,  cable  distribution,  cooling,  and 
cooling  distribution.  Strong  NCPI  defends  your  IT 
networks  against  security  and  availability  problems. 

Complementing  these  benefits  of  strong  NCPI  is 
InfraStruXure's  open,  adaptable,  integrated  ap¬ 
proach,  which  ensures  optimal  performance  and 
lower  upfront  and  operating  costs.  InfraStruXure 
fully  integrates  power,  cooling,  management  and 
services  within  a  rack-optimized  design. 

Power 

InfraStruXure  architecture  features  rack-optimized, 
intelligent  UPSs  and  power  distribution  units  that 
are  highly  manageable,  modular,  and  pre-engineered 
to  meet  the  demands  of  the  smallest  wiring  closet  to 
the  largest  data  center. 

Cooling 

Cooling  solutions  designed  for  InfraStruXure  are 
extremely  flexible,  fitting  almost  any  data  environment 
as  though  custom-made,  but  without  the  extensive  engi¬ 
neering  that  traditional  cooling  systems  require. 

Management 

InfraStruXure  boasts  the  industry’s  only  frilly  integrated 
power  management  solution.  Monitor  the  elements  of 
your  data  center,  understand  how  your  InfraStruXure  is 
performing  and,  when  necessary,  take  action  remotely  to 
ensure  service  levels  are  met — all  from  a  Web  browser  on 
your  desktop  computer.  You’ll  be  able  to  maximize  avail¬ 
ability  through  system-level  proactive  management. 
InfraStruXure  management  solutions  are  easy  to  use  and 
require  little  to  no  training. 

Services 

A  full  menu  of  professional  services,  performed  by 
APC  Global  Services  experts,  supports  your 
InfraStruXure  architecture.  Whether  building  a  new 
installation  or  retrofitting  InfraStruXure  into  your 
existing  IT  environment,  a  range  of  services  is  able  to 
meet  your  specific  needs.  Factory-trained  professionals 
commission  the  elements  of  your  InfraStruXure, 
understand  how  it  is  performing  and,  when  necessary, 
take  action  to  ensure  optimal  service  levels  are  met. 

The  Result 

With  InfraStruXure,  you  get  the  reliability,  afford¬ 
ability  and  predictability  of  standard  solutions,  yet 
completely  customized  for  your  specific  problems. 
As  your  requirements  change,  InfraStruXure  easily 
adapts,  allowing  you  to  build  out  or  scale  back 
capacity  as  it  is  required.  Bl 
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Are  you  going  to  take  advantage  of 
this  availability  solution  to  prevent 


costly  downtime? 


Stop  hesitating. 

You've  been  given  the 
green  light  to  ensure  the 
continuous  operation  of  your 
mission-critical  electronic 
applications. 

Go  find  out  more  about  how 

InfraStruXure™  can  build  availa 

■ 

into  your  business  processes. 
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FREE  White  Paper: 
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infrastructure"  and  FREE 
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To  order:  Visit  http://promo.apc.com  Key  Code  n?45y 
Call  888-289-APCC  x2969  ®  Fax  401 -788-2797 


APC 

Legendary  Reliability® 

E-mail:  esuppoit@apcc.com  •  1 32  Fairgrounds  Road.  West  Kingston.  Rl  02892  USA 
©2003  American  Power  Conversion  Corporation.  All  Trademarks  are  the  properly  of 
their  respective  owners.  ISX2C3EF-US 


18  COMPUTERWORLD  October  6, 2003 


NEWS 


www.computerworld.com 


Fired  ©stake  CTO  Says  Microsoft 
Critique  Was  ‘Business  as  Usual’ 


Geer  defends  decision 
to  involve  CCIA  in 
security  report’s  release 

BY  DAN  VERTON 

Dan  Geer  was  fired  from  his  job  as  chief 
technology  officer  at  @stake  Inc.  on 
Sept.  25,  one  day  after  he  and  six  other 
security  researchers  released  a  report 
that  criticized  Microsoft  Corp.’s  domi¬ 
nance  of  the  software  industry  as  a  fun¬ 
damental  cause  of  IT  security  problems 
[QuickLink  41691]. 

The  report  was  published  by  the  Com¬ 
puter  &  Communications  Industry 
Association  (CCIA),  a  Washington- 
based  trade  group  that  includes  some  of 
Microsoft’s  top  rivals.  @stake,  a  Cam¬ 
bridge,  Mass.-vendor  of  security  soft¬ 
ware  and  consulting  services,  gets  a 
significant  portion  of  its  revenue  from 
Microsoft.  Geer  last  week  spoke  to  Com- 
puterworld  about  his  firing  and  the  con¬ 
troversy  surrounding  the  report. 

What  happened  on  Sept.  25?  I’m  still 
cautioned  by  my  attorney  not  to  be 
too  precise  about  anything.  But  I 
learned  I  was  fired  from  a  press  re¬ 
lease.  When  I  did  eventually  speak  to 


the  CEO  [James  Mobley  of  @stake],  it 
was  cold  and  short,  and  he  had  nothing 
to  say  but,  “Your  services  are  no  longer 
required.”  And  there  was  and  has  been 
nothing  else  beyond  that. 

©stake  has  said  that  you  should  have 
known  Microsoft  was  a  client  and  that, 
although  other  ©stake  officials  didn’t  nec¬ 
essarily  disagree  with  everything 
in  the  report,  your  participation 
showed  lack  of  respect  for  a  major 
customer.  Is  that  unreasonable? 

If  you  knew  my  history,  you 
would  know  that  I’m  a  com¬ 
mentator  on  lots  of  things  a 
lot  of  the  time.  It’s  not  as  if 
there’s  a  procedure  to  check 
everything  with  marketing. 

The  reason  I  was  recruited  into 
[@stake]  in  the  first  place  was  precise¬ 
ly  for  my  ability  to  look  over  the  hori¬ 
zon,  to  see  the  big  picture  and  to  um¬ 
pire  the  game,  if  you  will. 

I  once  had  someone  explain  to  me 
that  the  way  you  could  tell  the  differ¬ 
ence  between  a  young  umpire,  an  ex¬ 
perienced  umpire  and  an  old  umpire 
was  that  the  young  umpire  would  say, 
“I  call  them  as  I  see  them.”  And  the 
middle-aged  umpire  would  say,  “It’s 


not  a  ball  or  a  strike  until  I  say  it’s  a 
ball  or  a  strike.”  And  the  old  hand 
would  say,  “I  make  it  a  ball,  or  I  make  it 
a  strike.” 

If  you  don’t  mind  me  being  a  little 
immodest,  I  like  to  think  that  I’m  ap¬ 
proaching  the  latter.  I  comment  on 
everything  that  I’m  capable  of  com¬ 
menting  on  as  frankly  as  I  am  able  to 
do  so.  It’s  what  I  am.  So  from  my  point 
of  view,  this  report  was  business  as 
usual  and  unremarkable.  The  only 
thing  that  made  it  remarkable  was  the 
reaction  of  the  CEO. 

Why  did  you  choose  to  align  the 
study  with  a  clearly  partisan  group 
like  the  CCIA  when  you  could  have 
approached  any  number  of  organi¬ 
zations  that  have  a  reputation  for 
being  evenhanded?  I  had  a  satel¬ 
lite  to  put  into  orbit,  and  they 
had  a  launch  vehicle.  I  went  to 
an  organization  that  I  was  rela¬ 
tively  certain  would  ensure 
that  the  report  couldn’t  be  ignored.  I 
think  that  was  an  unqualified  success, 
and  [it]  was  made  more  of  an  unquali¬ 
fied  success  by  adding  the  publicity 
engine  of  dissing  me  in  the  process.  It 
was  almost  a  gift. 

A  lot  of  people  say  they  agree  with  the 
report’s  main  premise  that  monolithic  IT 
infrastructures  inherently  are  less  secure 
than  multivendor  ones.  But  some  also  say 
that  multivendor  environments  may  pose 
just  as  many  security  problems  because  of 


Hyperion  Sets 
Plan  to  Meld  Its 
Software  With 
Brio’s  Data  Tools 

BY  MARC  L.  SONGINI 

Hyperion  Solutions  Corp.,  which  ex¬ 
pects  to  complete  a  buyout  of  strug¬ 
gling  Brio  Software  Inc.  on  Oct.  16,  last 
week  said  it  plans  to  begin  delivering 
integration  hooks  between  its  line  of 
data  analysis  products  and  Brio’s  query 
and  reporting  tools  by  year’s  end. 

John  Kopcke,  Hyperion’s  chief  tech¬ 
nology  officer,  said  the  Sunnyvale, 
Calif.-based  company  will  release  a 
complete  integration  road  map  later 
this  year.  But  he  noted  that  Hyperion’s 
plans  include  a  common  services  ar¬ 
chitecture  that  will  give  users  a  single 
sign-on  feature  and  other  shared  capa¬ 
bilities  for  the  two  product  lines. 

And  by  next  spring,  Hyperion  ex- 


Middleware. 

It’s  on  the  trading  floor. 


CEO  Responds  on  Firing 

In  response  to  Geer’s  comments  about 
his  firing,  James  Mobley,  ©stake’s 
president  and  CEO,  said  in  a  statement 
that  he  placed  “a  number  of  unreturned 
phone  calls”  to  Geer  before  the  compa¬ 
ny  announced  his  dismissal. 

“He  finally  returned  my  call  after  the 
release  of  the  report  [on  Microsoft],  at 
which  time  I  informed  him  that  his  ser¬ 
vices  were  no  longer  required,”  Mobley 
said.  “This  conversation  occurred  prior 
to  my  authorization  of  the  release  of 
©stake’s  public  statement.” 

Mobley  added  that  he  has  “the  great¬ 
est  respect  for  Dr.  Geer  as  a  research 
scientist  and  security  expert.” 

-  Dan  Verton 

poor  system  configurations.  There  is  that 
point,  frankly.  But  if  I  had  to  choose 
between  which  [approach]  we  could 
have  in  the  future,  there  is  no  question 
in  my  mind.  As  far  as  configuration 
difficulty,  the  reason  one  has  [that]  is 
because  most  large  systems  have  too 
many  knobs  to  adjust.  When  you  have 
too  many  knobs  to  adjust,  you  don’t 
adjust  them. 

What  are  your  plans  now?  I’m  being  inun¬ 
dated  by  people  who  want  to  do  my 
planning  for  me.  But  there  seems  to  be 
no  shortage  of  things  one  can  do  with 
the  rest  of  one’s  life.  ©  41790 


pects  to  be  ready  to  demonstrate  tech¬ 
nology  that  will  support  all  querying, 
reporting  and  analysis  functions  from 
a  single  user  interface,  Kopcke  said. 

Hyperion  is  also  working  to  tie  to¬ 
gether  specific  products.  For  example, 
links  between  its  budgeting  and  busi¬ 
ness  performance  management  appli¬ 
cations  and  Brio’s  tools  are  due  this 
quarter,  Kopcke  said.  That  will  let 
users  craft  reports  that  combine  opera¬ 
tional  data  from  ERP  and  other  trans¬ 
action  systems  with  finance  informa¬ 
tion  from  Hyperion’s  software. 

Hyperion  in  July  agreed  to  buy  Santa 
Clara,  Calif.-based  Brio  in  a  cash  and 
stock  deal  that  was  valued  at  $142  mil¬ 
lion  [QuickLink  40138]. 

For  Brio,  the  deal  has  “brought  a 
zombie  back  from  the  near-dead,”  said 
Mike  Schiff,  an  analyst  at  Current 
Analysis  Inc.  in  Sterling,  Va.  “Brio  is 
being  taken  seriously  again.”  For  exam¬ 
ple,  Brio  and  IBM  last  week  announced 
two  product  bundles  that  will  include 
Brio’s  tools  and  IBM’s  DB2  Data  Ware¬ 
house  software,  Schiff  said.  ©  41795 
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Cisco,  Huawei  Look  to  Settle 
Software-Copying  Lawsuit 


Cisco’s  claims  put  on 
hold  pending  review 
of  product  changes 

BY  MATT  HAMBLEN 

Cisco  Systems  Inc.  and  Huawei  Tech¬ 
nologies  Co.  last  week  announced  an 
agreement  that  moves  them  toward  a 
settlement  of  a  lawsuit  Cisco  filed  in 
January  charging  Huawei  with  pirating 
its  internetworking  software  and  in¬ 
fringing  on  at  least  five  patents. 

The  two  companies  said  in  a  brief 
statement  that  they  had  agreed  to  stay, 
or  put  on  hold,  Cisco’s  suit,  which  was 
filed  in  U.S.  District  Court  in  Marshall, 
Texas.  The  stay  will  remain  in  effect 
pending  an  outside  expert’s  review  of 
changes  that  Shenzhen,  China-based 


Huawei  has  made  to  its  Quidway 
router  and  switch  products  in  response 
to  Cisco’s  claims,  according  to  officials 
from  the  networking  rivals. 

Cisco  and  Huawei  added  in  their 
joint  statement  that  they  expect  the 
deal  “will  lead  to  the  end  of  the  law¬ 
suit.”  However,  it  could  take  up  to  six 
months  to  complete  the  independent 
review  process,  said  Ron  Friedman,  as¬ 
sociate  general  counsel  at  3Com  Corp., 
which  intervened  in  the  suit  on  behalf 
of  Huawei  in  June. 

Settling  the  lawsuit  would  eliminate 
a  potential  cloud  hanging  over  the  net¬ 
working  equipment  joint  venture  that 
3Com  and  Huawei  are  setting  up  in 
Hong  Kong.  Friedman  said  Marlboro, 
Mass.-based  3Com  welcomes  the 
agreement  between  Cisco  and  Huawei, 


Palm’s  Tungsten  Device  Adds 
Bluetooth,  Widescreen  Support 


BY  BOB  BREWIN 

Palm  Inc.  last  week  introduced  three 
handheld  devices,  including  a  high-end 
model  with  Bluetooth  short-range 
wireless  capabilities  and  a  320-by-480- 
dpi  color  screen  that  can  be  used  in  ei¬ 
ther  vertical  or  horizontal 
mode. 

Milpitas,  Calif.-based 
Palm  said  the  Tungsten  T3 
handheld  is  based  on  Intel 
Corp.’s  32-bit  XScale  proc¬ 
essor  and  includes  im¬ 
proved  personal  informa¬ 
tion  manager  tools  and  IBM’s  Java- 
based  WebSphere  Micro  Environment 
software.  The  5.5-oz.  device  costs  $399 
and  is  designed  for  corporate  users, 
said  Anthony  Armenta,  a  senior  prod¬ 
uct  manager  at  Palm’s  hardware  unit. 

Jeff  White,  a  longtime  Palm  user 


Palm  Tungsten  T3  Handheld 

A  horizontal  screen  is  designed  to 
make  it  easier  to  read  documents. 


who  is  a  biomedical  engineer  at  Miami 
Children’s  Hospital  in  Coral  Gables, 
Fla.,  said  the  T3  packs  a  lot  of  function¬ 
ality  into  a  small,  lightweight  computer 
that  can  be  carried  in  the  scrubs  worn 
by  doctors  and  nurses. 

The  T3’s  ability  to  switch 
from  the  standard  portrait¬ 
shaped  screen  used  by  most 
handheld  devices  to  a  land¬ 
scape  mode  makes  it  easier 
to  read  documents,  White 
said.  “People  naturally  want 
to  scroll  up  and  down,  and 
they  hate  to  scroll  sideways,”  he  said. 

White  also  praised  the  battery  life  of 
the  T3,  saying  that  the  battery-level  in¬ 
dicator  on  a  device  he  received  via  an 
early  shipment  still  read  100%  after  be¬ 
ing  used  for  four  days.  Previous  Palm 
models  have  run  out  of  power  in  a  mat¬ 
ter  of  hours,  according  to  White. 

The  T3  has  better  screen  resolution 
than  any  rival  devices  based  on  Micro¬ 
soft  Corp.’s  Pocket  PC  operating  sys¬ 
tem,  said  Sam  Bhavnani,  an  analyst  at 
ARS  Inc.  in  La  Jolla,  Calif.  He  noted 
that  the  horizontal  landscape  viewing 
mode  will  make  it  easier  to  read  not 
only  text  documents  but  also  Excel 
spreadsheets,  because  end  users  will 
be  able  to  see  a  larger  number  of 
spreadsheet  cells  than  they  can  in  por¬ 
trait  mode.  ©  41800 
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and  he  predicted  that  the  deal  won’t 
have  any  negative  affect  on  the  forma¬ 
tion  of  the  joint  venture. 

The  joint  venture  is  due  to  begin  op¬ 
erations  next  month  provided  the  Chi¬ 
nese  government  signs  off  on  the  plan. 
It  will  develop  enterprise  networking 
products  and  sell  them  in  China  and 
Japan,  with  3Com  han¬ 
dling  sales  in  the  U.S. 
and  elsewhere. 

Separate  from  the 
joint  venture,  3Com  has 
already  begun  shipping 
two  Huawei  products 
packaged  with  its  own 
user  interfaces  and 
technical  support  ser¬ 
vices.  3Com  last  week 
announced  a  Huawei- 
built  WAN  router  line 
[QuickLink  41657],  and 
in  July  it  released  a  core 
LAN  switch  made  by 
the  Chinese  company. 

Ted  Malos,  director 
of  technology  at  the 
Ventura  Unified  School 
District  in  Ventura,  Calif.,  uses  both 
Cisco  and  3Com  products  and  plans  to 
evaluate  the  new  WAN  routers  that 
3Com  is  selling.  Malos  said  Cisco’s 
lawsuit  against  Huawei  “seemed  kind 
of  odd”  and  added  that  it  had  not  af¬ 
fected  his  technology  purchasing 
plans. 


The  suit  alleges  that  Huawei  copied 
portions  of  Cisco’s  IOS  source  code  for 
use  in  the  Quidway  product  line,  which 
isn’t  being  sold  by  3Com,  said  Zeus 
Kerravala,  an  analyst  at  The  Yankee 
Group  in  Boston.  Kerravala  added  that 
Bruce  Claflin,  3Com’s  president  and 
CEO,  told  analysts  earlier  this  year  that 
the  company  would 
avoid  reselling  any  of 
Huawei’s  products  if 
they  possibly  infringed 
on  Cisco’s  patents. 

In  filing  the  lawsuit 
against  Huawei,  Cisco 
officials  “were  rightly 
concerned  about  their 
intellectual  property 
and  patents,”  said  Nick 
Lippis,  an  analyst  at 
Lippis  Consulting  in 
Hingham,  Mass.  But, 
Lippis  noted,  Cisco  also 
was  worried  that 
Huawei’s  alleged  copy¬ 
ing  of  its  software  code 
and  technical  documen¬ 
tation  could  result  in  a 
“flooding  of  the  market  with  very 
cheap  products.” 

Cisco  sought  monetary  damages  as 
part  of  its  January  complaint,  but  all 
the  parties  to  the  case  last  week  de¬ 
clined  to  comment  on  whether  Huawei 
would  have  to  make  any  payments  if 
the  suit  is  settled.  ©  41799 


Cisco’s  suit 
charges  that 
Huawei: 

COPIED  PORTIONS  of 

Cisco's  I0S  software,  includ¬ 
ing  source  code  and  its 
command  line  interface. 

ILLEGALLY  USED  technical 
documentation  that  was 
copyrighted  by  Cisco  in  its 
own  product  manuals. 

INFRINGED  ON  at  least  five 
Cisco  patents  related  to  pro¬ 
prietary  routing  protocols. 


Middleware. 

It’s  in  the  end  zone. 
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MARYFRAN  JOHNSON 


Credibility  at  Stake 


Another  report  on  Microsoft  made 
front-page  news  last  week,  once  again 
raising  credibility  questions  and  contro¬ 
versy.  This  time,  the  story  [‘Anti-Micro¬ 
soft  Security  Report  Mired  in  Politics,”  QuickLink 


41727]  started  out  being 
about  one  thing  —  a  re¬ 
search  report  claiming 
that  there  are  global  se¬ 
curity  threats  inherent  in 
Microsoft’s  monopoly 
position  in  IT  infrastruc¬ 
tures  —  but  ended  up  be¬ 
ing  about  quite  another. 

One  of  the  report’s 
seven  authors  (all  of 
them  respected  security 
experts)  was  fired  for 
taking  part  in  this  very 
public  criticism  of  Microsoft.  Dan 
Geer,  now  the  former  CTO  of  secu¬ 
rity  consultancy  @stake,  became  the 
focus  of  this  suddenly  more  inter¬ 
esting  and  politicized  story.  Micro¬ 
soft  is  one  of  @stake’s  major  clients, 
you  see,  and  Geer  is  way  too  smart 
not  to  have  known  what  was,  ahem, 
at  stake  when  he  signed  his  name  to 
“Cyberinsecurity:  The  Cost  of  Mo¬ 
nopoly.” 

Publicly  ticking  off  a  major  client 
while  embarrassing  your  CEO  is  no¬ 
body’s  recipe  for  job  longevity. 

Yet  in  an  interview  with  our  re¬ 
porter  (see  page  18),  Geer  seemed  to 
revel  in  the  outcome.  When  asked 
why  the  group  had  chosen  to  launch 
the  report  from  the  anti-Microsoft 
Computer  &  Communications  In¬ 
dustry  Association,  Geer  called  the 
move  “an  unqualified  success.”  He 
said  it  became  even  more  of  a  suc¬ 
cess  “by  adding  the  publicity  engine 
of  dissing  me  in  the  process.  It  was 
almost  a  gift.”  A  gift  for  whom?  I 
wonder.  Not  for  the  credibility  of 
that  report,  which  is  a  shame,  be¬ 
cause  it  makes  many  valid  points 
about  the  security  costs  of  Mi¬ 
crosoft’s  dominance.  But  many  of 
our  readers  told  us  that  industry 
politics  and  the  CCIA’s  bias  under¬ 
mined  the  impact  of  the  24-page  re- 
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port.  Geer’s  firing  played 
out  more  like  a  publicity 
stunt  than  a  punishment 
for  engaging  in  free 
speech  —  although  it 
clearly  had  some  ele¬ 
ments  of  that. 

The  bigger  disap¬ 
pointment  here  was  how 
little  this  expert  treatise 
had  to  offer  by  way  of 
recommendations  for  IT 
managers  struggling  to 
secure  their  enterprises. 
It  laid  a  lump  of  blame  on  the  feder¬ 
al  government’s  doorstep  (as  if  Un¬ 
cle  Sam  will  even  blink),  and  anoth¬ 
er  with  the  user  companies  that  buy 
Microsoft’s  security-challenged 
products  because  they  have  little  or 
no  choice.  But  the  only  solutions 
were  directed  at  the  government, 
which  has  a  lamentable  record  of 
getting  Microsoft  to  do  anything. 

For  example,  the  feds  were  urged  to 
“vigorously”  force  Microsoft  to  pub¬ 
lish  interface  specifications  for  Win¬ 
dows  and  Office  and  to  make  nice 


with  vendor  consortia  on  develop¬ 
ment.  Pretty  tepid  advice  over 
which  to  risk  your  credibility. 

*  *  * 

On  another  credibility  issue,  I 
wrote  about  Forrester  Research’s 
tainted  Microsoft  vs.  Linux  report  in 
this  space  two  weeks  ago  [Quick- 
Link  41489].  A  number  of  you  ap¬ 
plauded  our  new  policy  of  requiring 
disclosure  on  the  funding  behind  IT 
research  reports.  A  few  wondered 
why  we  weren’t  doing  so  all  along. 

I  also  heard  from  Forrester  CEO 
George  Colony,  who  agreed  that  the 
Microsoft  sponsorship  of  the  Linux 
report  had  compromised  his  firm’s 
credibility.  He  responded  by  posting 
a  new  “integrity  and  objectivity” 
policy  on  www.forrester.com,  in 
which  he  vows  to  no  longer  “accept 
projects  that  involve  paid-for,  publi¬ 
cized  product  comparisons.” 

Forrester  will  still  conduct  spon¬ 
sored  vendor  research,  Colony  ex¬ 
plained,  but  no  one  will  have  brag¬ 
ging  rights  about  the  results.  “Every 
company  has  conflicts  of  interest 
that  have  to  be  managed,”  he  said  of 
the  potential  for  vendor  clients  to 
influence  the  analysts  advising  user 
clients.  “It’s  how  you  manage  the 
conflict  that  matters.” 

Indeed.  Your  credibility  can  be, 
um,  at  stake.  ©  41805 


PIMM  FOX 

Cleaning  Up 
The  Kingdom 
Of  Content 

CONTENT  may  be  king, 
but  if  so,  the  kingdom 
is  a  royal  mess.  Compa¬ 
nies  are  bogged  down  trying 
to  meld  information  from  dis¬ 
parate  departments,  then 

pushing  it  through  a  cumbersome  ap¬ 
proval  process  only  to  be  stymied  by  a 
publishing  routine  that’s  time-consum¬ 
ing  and  error-prone.  And  with  greater 
emphasis  being  placed  on  the  integra¬ 
tion  of  business  units  and  collabora¬ 
tion  with  internal  and  external  part¬ 
ners,  the  demand  for  simple,  straight¬ 
forward  content  management  systems 
(CMS)  is  acute. 

Luckily,  there  are  ways  to  clean  up 
the  mess.  By  offload¬ 
ing  the  software  com¬ 
ponents  to  applica¬ 
tion  service  provid¬ 
ers,  content  manage¬ 
ment  can  be  done  via 
a  Web-based  service 
with  common  tem¬ 
plates,  step-by-step 
formats,  access  con¬ 
trols  and  shared  de¬ 
sign  elements. 

It’s  important  to 
note  that  a  CMS  isn’t 
the  same  as  a  document  or  file  man¬ 
agement  system,  nor  is  the  ASP  model 
appropriate  when  you’re  looking  for 
enterprise  portals  connected  to  robust 
back-end  applications. 

But  there  are  distinct  advantages. 
Consider  the  experience  of  Josh  Hoo¬ 
ver,  marketing  systems  manager  at  Wa¬ 
terloo,  Wis.-based  Trek  Bicycle  Corp. 
He  has  developed  Web  sites  for  several 
Trek  brands,  working  with  numerous 
advertising  agencies  in  the  process. 

But  there  wasn’t  a  unified  approach  to 
content,  nor  was  there  a  coherent 
schedule  controlled  by  Trek’s  market¬ 
ing  team.  Worse,  it  was  expensive  to 
make  changes  to  all  of  those  Web  sites. 

“No  one  knew  where  anything  was  in 
the  process,”  says  Hoover,  who  also  had 
to  work  out  how  to  handle  the  transla¬ 
tion  services  needed  in  Trek’s  growing 
European  business.  “We  would  give  the 
content  to  the  agency,  who  would  pass 
it  to  translators,  who  would  pass  it  back 
to  the  agency,  who  would  then  pass  it 
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How  Santa  Clara  University 
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The  idea 


was  to  provide  more  widespread  access  to 
business-critical  enterprise  applications  without 
increasing  the  administrative  burden  on  the  IT  department.  Before 
that  goal  would  be  realized,  however,  Santa  Clara  University 
(SCU)  got  a  lesson  in  what  can  go  wrong  with  Web-based  applica¬ 
tions  and,  more  importantly,  how  to  remedy  the  problems. 


In  July  of  2002,  SCU  made  the 
move  to  PeopleSoft  8,  the  Web- 
enabled  version  of  the  popular  appli¬ 
cation  suite.  The  school  uses 
PeopleSoft  to  support  human 
resources,  financial  and  student 
administration  applications,  including 

SCU’S  REDLINE  BENEFITS 
AT  A  GLANCE: 

■  Bandwidth  reduction:  E|X  3250 
reduces  bandwidth  requirements 
by  up  to  10M  bit/sec,  saving  SCU 
at  least  $48,000  per  year. 

■  Increases  server  capacity: 

Offloads  connection  management, 
1/0  and  SSL  processing,  essentially 
cutting  server  loads  in  half. 

■  Reduces  number  of  network 
components:  Reduces  the  amount 
of  data  traffic,  enabling  network 
components  such  as  firewalls  to 
handle  more  load. 


admissions,  financial  aid  and  course 
registration  programs,  says  Ron 
Danielson,  chief  information  officer 
for  SCU,  an  8,000-student  university 
in  Santa  Clara,  Calif. 

“As  much  as  we  possibly  can, 
it’s  our  intention  to  push  access  to 
administrative  information  out  to 
students,  faculty  and  staff,”  Danielson 
says.  With  the  previous  version  of 
PeopleSoft,  that  was  a  challenge 
because  it  required  client  software  on 
each  user’s  desktop.  “With  the  Web 
front  end,  anybody  with  a  browser 
can  come  in  and  get  access.” 

Access  they  did,  so  much  so  that 
the  university’s  application  servers 
were  overloaded  and  performance 
was  much  slower  than  with  the  previ¬ 
ous  version.  “We  were  one  of  the 
first  half-dozen  universities  in  the 
country  to  upgrade  to  PeopleSoft  s 
new  Web-based  product,  and  we 
thought  we’d  spec’d  out  our  network 
and  equipment  adequately  to  meet 
our  performance  needs,”  he  says.  “But 
we  weren’t  even  close.” 


IN  SEARCH  OF  A  FIX 

Initially,  Danielson  and  his  staff  tried 
throwing  more  hardware  and  software 
at  the  problem.  To  an  initial  configu¬ 
ration  of  one  Web  server  and  one 
application  server,  they  added  three 
more  Web  servers  and  one  new  appli¬ 
cation  server.  They  also  brought  in 
performance  management  and  soft¬ 
ware  tuning  tools,  and  changed  some 
PeopleSoft  parameters  related  to 
processing  input  from  users. 

“This  brought  performance  to  an 
‘acceptable’  level,”  Danielson  says. 
“But  now  we  had  six  servers  instead 
of  two,  and  we  were  still  spending  a 
lot  more  time  on  the  problem  than 
we  would  have  liked." 

In  the  fall  of  2002,  the  university 
learned  about  Redline  Networks  of 
Campbell,  Calif.  Redline  makes  a 
family  of  appliances  designed  to 
improve  Web-based  application 
performance  by  offloading  from  the 
server  I/O  processing  and  connection 
management  chores,  while  compress¬ 
ing  content  to  conserve  bandwidth. 
The  appliances  also  handle  Secure 
Sockets  Layer  (SSL)  processing,  thus 
serving  to  improve  security. 

LESS  BANDWIDTH, 

MORE  PERFORMANCE 

In  November,  SCU  installed  one  of 
Redline ’s  E  |  X  3250  appliances  and 
saw  an  immediate,  dramatic  improve- 
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The  Redline  E\X  3250  has  delivered  on  all  its  claims  for  Santa  Clara  University  CIO  Ron 
Danielson  (center)  and  his  staff,  which  includes  Alberto  Roman  (left)  and  Nita  Mukherjee. 
Not  pictured  are  Mai  Anh  Pham-Ky  and  Todd  Sclimitzer. 


ment.  Bandwidth  usage  associated 
with  the  PeopleSoft  applications 
plummeted  by  70%,  thanks  to  the 
compression  features  inherent  in  the 
E  |  X  3250.  At  the  same  time,  because 
the  E  |  X  3250  handled  connection 
management  chores  and  I/O  process¬ 
ing,  server  capacity  effectively 
doubled. 

The  magnitude  of  server  capacity 
and  performance  improvements  hit 
home  when  one  of  the  university’s 
servers  went  down  for  more  than  a 
week.  “We  didn’t  even  notice  a 
change  in  performance,”  Danielson 
says.  “That  tells  us  how  much  head- 
room  the  Redline  box  has  given  us 
with  our  PeopleSoft  applications.” 

Like  the  rest  of  Redline’s  enterprise 
application  processors,  the  E  |  X  3250 
sits  in  front  of  servers  and  receives 
requests  from  hundreds  or  thousands 
of  client  browsers.  It  processes  the 
thousands  of  relatively  slow  requests 
as  they  come  in  from  users  and  shut¬ 
tles  them  to  the  appropriate  servers  at 
high  speed  over  just  a  few  dozen  per¬ 
sistent  TCP  connections. 

“As  far  as  the  Web  servers  are  con¬ 
cerned,  they  have  a  single  connection, 
which  is  to  the  Redline  box,’ 
Danielson  says.  The  servers  no  longer 
have  to  perform  complex  scheduling 
of  requests  arriving  randomly  over  a 
large  number  of  connections.  Instead, 
they  service  each  response  as  it  arrives 
and  send  information  back  to  the 
enterprise  application  processor, 
which  delivers  pages  to  the  client 
browser  at  whatever  speed  the  brows¬ 
er  can  efficiently  handle. 

The  E  |  X  3250  worked  so  well  for 
SCU’s  PeopleSoft  implementation 
that  the  university  soon  installed  an 
additional  unit  to  improve  the  per¬ 
formance  of  Novell  GroupWise 
servers  that  provide  Web-based  e-mail 
access.  Here  the  E  |  X  3250  sits  in 
front  of  four  servers,  performing  load 
balancing,  connection  management 
and  compression.  For  its  GroupWise 


application,  the  university  also  takes 
advantage  of  the  E  |  X  3250’s  SSL 
offload  capability,  which  obviates  the 
need  for  the  servers  to  maintain  large 
amounts  of  user  data,  including  client 
certificate  information.  It  also  ensures 
that  end  users  have  no  direct  access  to 
the  application  servers  and  the  often- 
sensitive  information  they  contain. 

Results  from  the  GroupWise 
implementation  have  been  similar  to 
those  for  PeopleSoft:  bandwidth  con¬ 
sumption  on  the  university’s  WAN 
links  has  been  cut  in  half  and 
response  time  has  improved. 

SAVINGS,  SAVINGS, 
SAVINGS 

The  bottom  line,  Danielson  says,  is 
that  the  Redline  appliances  enable 
SCU  to  realize  savings  in  three  areas: 
bandwidth  reduction,  increased  server 
capacity  and  extended  life  cycle  of 
other  network  components. 

Bandwidth  savings  come  from  the 
compression  features  of  the  appliance, 
which  are  browser-aware  to  adaptive¬ 
ly  compress  content  for  each  request¬ 
ing  user  and  never  require  specialized 
client  software.  The  features  save  6M 


to  10M  bit/sec  of  bandwidth,  which 
Danielson  says  would  cost  the  univer¬ 
sity  an  additional  $4,000  to  $5,000 
per  month. 

In  terms  of  server  capacity, 
Danielson  figures  he  could  remove 
two  of  the  four  servers  supporting  his 
PeopleSoft  implementation  without 
suffering  a  performance  hit,  although 
he  has  opted  to  leave  the  installation 
as-is  to  allow  for  anticipated  growth 
in  the  number  of  applications  and 
users.  Similarly,  on  the  e-mail  side, 
“We  probably  won’t  have  to  grow 
that  server  firm  dramatically  to 
handle  additional  load,”  he  says. 

Just  as  the  Redline  appliances 
enable  him  to  get  more  life  out  ot  his 
servers,  they  do  the  same  for  network 
components  such  as  firewalls.  “With 
the  Redline  box  reducing  bandwidth 
usage,  there’s  less  for  the  firewalls  to 
examine,”  so  a  single  firewall  can 
effectively  handle  more  load. 

In  coming  months,  SCU  will  be 
adding  to  its  Redline  implementation 
another  server  group  that  supports 
university  financial  applications. 

To  sum  up,  Danielson  says,  “This 
box  delivers  on  all  its  claims.’ 


LEARN  MORE  ABOUT  REDLINE  NETWORKS  ONLINE: 

Hear  Ron  Danielson  tell  his  story  in  an  on-demand  webcast.  Visit:  http://www.itworld.com/redline2 
Download  the  white  paper,  “The  New  Data  Center:  Toward  a  Consolidated  Platform.” 

Vi  sit:  h  ttp:/  /www.  redli  nen  etwo  rks.  com/p/whitepaperreq  ues  t 
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Redline 


ON  THE 

Front 


Line 


“ Redline  enabled  Santa  Clara  University  to  realize  savings  in 
bandwidth ,  server  capacity  and  extended  network  life  cycle.  ” 
-Ron  Danielson ,  C/0,  Santa  Clara  University 
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Speed  Up  Your  Web  Applications:  Redline  Networks’  E|X  enterprise 
application  processors  speed  downloads,  increase  capacity,  harden 
security  and  enhance  the  reliability  of  your  web-enabled  enterprise 
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back  to  us  in  this  long,  burdensome 
process,”  he  recounts. 

Hoover  checked  out  CMS  products 
from  Microsoft  Corp.,  RedDot  Solu¬ 
tions  Corp.  in  New  York  and  Crown- 
Peak  Technology  in  Los  Angeles,  with 
an  eye  toward  a  hosted  system  because 
of  a  previous  good  experience  with 
ASP  versions  of  sales  force  automation 
technology.  After  the  review,  Trek  se¬ 
lected  CrownPeak  because  of  its  fea¬ 
ture  set,  the  ability  to  incorporate  sev¬ 
en  languages  into  the  workflow  (in¬ 
cluding  support  for  double-bit  charac¬ 
ters  for  Japanese,  which  is  important, 
since  Japan  is  a  growing  market  for 
Trek)  and  its  forms-based  construc¬ 
tions.  Cost  was  also  a  big  factor,  since 
the  ASP  model  is  substantially  less  ex¬ 
pensive  than  a  prepackaged  suite. 

Now  Trek  controls  its  main  site,  cut¬ 
ting  out  the  ad  agencies.  It  has  a  new 
Web  interface  and,  with  new  user  per¬ 
missions,  authoring  and  editing  tools, 
it’s  off  and  pedaling.  The  new  site  also 
deftly  handles  outside  links  to  Trek’s 
dealer  network. 

When  you’re  finally  ready  to  take  re¬ 
sponsibility  for  content  and  don’t  need 
massive  archiving  and  back-end  con¬ 
nections,  ASP  content  management  is 
the  right  path.  ©  41732 

THORNTON  MAY 

A  New  Era  of 
Living  Data 
Is  Coming 

RESEARCH  being  con¬ 
ducted  in  conjunction 
with  the  Managing  the 
Information  Resource  Pro¬ 
gram  at  UCLA  indicates  that 

we  are  a  mere  10  years  away 
from  the  day  when  every  molecule  on 
this  planet  could  be  assigned  an  IP  ad¬ 
dress.  Such  a  possibility  underscores 
our  need  to  intellectually  grasp  the 
massive  changes  afoot  in  the  evolution 
of  information  and  its  management. 

I  wonder  if  we’re  prepared  for  the 
’  upheaval  ahead.  In  his  1934  seminal 
work,  Technics  and  Civilization,  Lewis 
Mumford,  the  premier  technology  his¬ 
torian  of  the  early  20th  century,  de¬ 
scribed  the  first  three  eras  of  modern 
technology  as  follows: 

■  The  Eotechnic  Epoch:  Machines  are 
made  of  wood  and  are  driven  by  water 
or  wind. 

■  The  Paleotechnic  Epoch:  Machines  are 


made  of  iron  and  are  driven 
by  steam. 

■  The  Neotechnic  Epoch: 

Machines  are  made  of  engi¬ 
neered  materials  and  are  dri¬ 
ven  by  electricity. 

The  early  days  of  technol¬ 
ogy  were  primarily  focused 
on  the  physical  movement  of 
things.  And  we  haven’t  al¬ 
tered  our  views  much  since 
then.  That’s  about  to  change. 

In  the  not-so-distant  fu¬ 
ture,  in  the  everything-is-a- 
sensor  world  of  ubiquitous 
IP  addresses,  the  most  suc¬ 
cessful  companies  will  be  those  that 
are  adept  at  a  new  kind  of  alchemy  — 
smoothly  and  efficiently  managing  the 
following  triple  transformation: 

1.  Data  to  information. 

2.  Information  to  knowledge. 

3.  Knowledge  to  dollars  or  action¬ 
able  executive  behavior. 

Contemporary  futurists  and  trend 
watchers  concur  that  the  technology 
era  we’re  about  to  enter  will  feature  in¬ 
telligent,  semiaware,  always-on  devices 
made  by  other  intelligent,  semiaware 
devices  driven  by  ubiquitous,  nano¬ 
scale,  data-collecting  sensors. 


The  next  economy  will 
be  all  about  giving  meaning 
to  the  reams  of  data  being 
collected  by  the  infinite  ar¬ 
ray  of  sensors. 

The  winners  will  see 
first,  understand  first  and 
act  first.  These  happen  to 
be  central  tenets  of  the  U.S. 
military’s  transformed  war¬ 
fighting  concepts,  which  in 
turn  are  extrapolations  of 
aerial  combat  tactics 
stressing  the  importance  of 
having  a  more  accelerated 
OODA  loop  (the  ability  to 
observe,  orient,  decide  and  act)  than 
an  enemy  pilot. 

The  radio  frequency  identification 
technologies  currently  transforming 
retailing  and  payment  systems  are  just 
the  tip  of  this  iceberg.  The  previewed 
but  as  yet  unreleased  “Nixon-in-a- 
Tablet-PC”  feature  (i.e.,  the  ability  to 
unobtrusively  record  the  audio  and 
then  machine-transcribe  all  face-to- 
face  interactions)  of  Microsoft’s  new 
product  line  is  a  taste  of  the  panoptic 
infolandscape  we’re  heading  for. 

Unfortunately,  most  organizations 
aren’t  currently  set  up  to  prosper  in  a 


truly  “infomated”  economy.  For  the 
longest  time,  IT  management  has 
treated  the  following  not  as  a  phrase 
but  as  a  single  word,  with  emphasis  on 
the  last  four  syllables:  information- 
technology. 

Historically  significant  practitioners 
of  the  information  arts  (librarians, 
archivists,  content  managers,  content 
creators,  intellectual  property  advo¬ 
cates  and  taxonomy  creators)  have 
been  nudged  further  aside  in  the  Nap- 
ster-swapped/Google-searched  early 
stages  of  the  Information  Age.  The 
skills  associated  with  managing  knowl¬ 
edge  (what  we  know  and  being  able  to 
discern  what  is  worth  knowing)  still 
aren’t  given  their  due. 

But  they  will  have  to  be  elevated  in 
the  corporate  hierarchy  as  the  infomat¬ 
ed  economy  accelerates.  The  situation 
brings  to  mind  Star  Trek:  The  Next 
Generation’s  most  memorable  charac¬ 
ter,  the  sentient  android,  Data.  The 
Trekkies  succeeded  in  making  data 
come  alive.  Now  it’s  our  turn.  ©  41734 


WANT  OUR  OPINION? 

OMore  columnists  and  links  to  archives  of  previous 
columns  are  on  our  Web  site: 

www.computerworld.com/columns 
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Readers  Reject,  Defend  Rogue  IT  Projects 


Rogue  projects  [“Dealing 
With  Rogue  IT,”  QuickLink 
10666]  are  necessary.  I’ve  been 
>art  of  a  few,  and  a  small  number 
hat  I  worked  on  are  still  in  use  after 
nany  years.  IT  managers  tend  to 
tlan  projects  to  death,  sometimes 
banning  until  the  technologies  are 
ibsolete.  I've  watched  them  spend 
line  months  planning  to  deploy 
jackbone  switches  and  then  put 
hem  on  the  network  using  the  de- 
ault  configuration.  Most  rogue  ap- 
olications  are  up  and  running  for 
nonths  before  people  find  out 
ibout  them,  and  they’ve  been  test- 
ad  better  than  those  from  IT  staff 
aeople.  After  all,  it’s  in  the  rogue  de- 
/elopers’  best  interest  to  ensure 
hat  everything  works,  since  that  al- 
ows  them  to  continue  to  field  what 
s  needed  for  their  users. 

Tom  Philo 

IT  specialist,  Portland,  Ore. 

The  IT  department  needs 
some  respect.  It’s  bad  enough 
to  take  the  blame  for  projects  that 
failed  due  to  lack  of  insight,  funding 
nr  i  inderstandina.  It's  even  worse  to 


be  blamed  for  failed  projects  that 
the  department  had  no  handle  on.  If 
IT  departments  tolerate  rogue  IT, 
the  result  will  be  squandered  re¬ 
sources  as  departments  re-create 
unneeded  processes.  Would  your 
sales  unit  tolerate  IT  making  sales 
calls  to  your  best  customers? 
Benjamin  M.  Vogel 
IT  director,  Protect-all  Inc., 
Darien,  Wis. 

WHY  DO  YOU  THINK  business 
people  go  around  IT?  A  better 
question  is,  Why  should  we  go 
through  an  outfit  that  is  dedicated 
to  destroying  us?  Rogue  IT  is  unfor¬ 
tunate,  but  why  aren’t  you  asking 
why  there  is  a  need  for  it?  Why  not 
ask  why  IT  doesn’t  help  us  fools 
down  in  the  trenches? 

Vic  Watkins 
Ogden,  Utah 

WHETHER  OR  NOT  rogue  IT 
projects  make  sense  probably 
depends  on  whether  the  IT  group  or 
the  business  units  are  more  capa¬ 
ble  of  determining  R0I.  ROI  is  best 
determined  as  a  joint  effort,  but 


many  centralized  IT  groups  seem  to 
be  determined  to  run  without  ac¬ 
countability,  and  many  companies 
haven’t  put  in  place  the  appropriate 
processes  to  allow  for  effective 
communication.  Funnily  enough, 
when  I  saw  the  title  of  the  article 
“Dealing  with  Rogue  IT,"  I  initially 
thought  it  was  going  to  be  about  IT 
departments  that  have  stopped 
looking  at  the  impact  of  their  ac¬ 
tions  on  the  rest  of  the  business. 
Scott  Albrecht 
Chicago 

IT  DEPARTMENTS  generally  want 
to  maintain  what  they  know,  but 
what  they  know  isn't  up  to  date  with 
new  technology.  “Rogue”  efforts 
result  when  centralized  IT  becomes 
so  ossified  or  out  of  touch  with  user 
needs  that  IT  policies  prevent  rea¬ 
sonable  business  workflow  sup¬ 
port.  Some  technologies  that  were 
disparaged  by  backwards-looking 
IT  departments  include  PCs,  PC 
LANs,  e-mail,  Internet  access,  de¬ 
partmental  Web  sites,  instant  mes¬ 
saging  and  Web  apps.  When  there 
are  many  rogue  efforts,  it  means  IT 
is  failing  to  keep  up  with  available 
technology  and  to  communicate. 


It's  better  to  issue  standards  than 
rules.  The  rule  “You  may  not  have 
wireless"  is  far  less  productive  than 
the  guideline  “Any  net  devices  must 
allow  verification  of  every  user.” 
James  Nickson 
Ronin  Software  Group, 

New  York, 

j@roninsoftwaregroup.com 

I  ENJOYED  Gary  Anthes’  article  on 
dealing  with  rogue  IT  activity,  but  I 
wish  he  had  addressed  how  to  cope 
when  the  CIO  is  the  one  who  is  driv¬ 
ing  these  projects  behind  IT’s  back. 
Don  Yevin 

Systems  programmer,  Phoenix 

COMPUTERWORLD  welcomes 
comments  from  its  readers.  Letters 
will  be  edited  for  brevity  and  clarity. 
They  should  be  addressed  to  Jamie 
Eckle,  letters  editor,  Computerworld, 
PO  Box  9171, 500  Old  Connecticut 
Path,  Framingham,  Mass.  01701. 
Fax:(508)879-4843. 

E-mail:  letters@computerworld.com. 
Include  an  address  and  phone  num¬ 
ber  for  immediate  verification. 

OFor  more  letters  on  these  and 
other  topics,  go  to 

www.computerworld.com/letters 


THORNTON  A.  MAY  is  a 

longtime  industry  ob¬ 
server,  management 
consultant  and  com¬ 
mentator.  Contact  him 

at  thorntonamay@aol.com. 
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The  Unwired  Office 

starts  here. 


The  promise  of  a  truly  wireless  workforce 
is  being  fulfilled.  Because  Intel*  Centrino™  mobile 
technology  delivers  unprecedented  levels  of 
mobility  for  your  users  and  easier  deployment 
for  you.  Intel  is  working  with  other  industry 
leaders  to  make  wireless  networking  not  only 
reliable,  but  secure.  And  Intel  continues  to 
work  closely  with  Cisco  to  extend  Intel  Centrino 
mobile  technology’s  ability  to  support 
enhanced  wireless  security  protocols.*  Now 
you  can  do  something  the  whole  office 
will  thank  you  for.  Unwire.  For  all  the  details, 
go  to  intel.com/unwire. 
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ROBUST  OBJECTS 
AND  BOBUST  SQL 


A  BARI  SIGHT  IN 
DBMS  PRODUCTS 


For  your  next  generation  of  applications,  move 
to  the  next  generation  of  database  technology. 

Cache  is  the  post-relational  database  that  com¬ 
bines  high-performance  SQL  for  faster  queries  and 
an  advanced  object  database  for  rapidly  storing 
and  accessing  objects.  With  Cache,  no  mapping 
is  required  between  object  and  relational  views  of 
data.  That  means  huge  savings  in  both  development 
and  processing  time. 

Applications  built  on  Cache  are  massively  scala¬ 
ble  and  lightning-fast.  Plus,  they  require  minimal  or 
no  database  administration. 

More  than  just  a  database  system,  Cache  incor¬ 
porates  a  power  fill  Web  application  development 


environment  that  dramatically  reduces  the  time  to 
build  and  modify  applications. 

The  reliability  of  Cache  is  proven  every  day  in 
“life-or-death”  applications  at  thousands  of  the  world’s 
largest  hospitals.  Cache  is  so  reliable,  it’s  the  leading 
database  in  healthcare  -  and  it  powers  enterprise  appli¬ 
cations  in  financial  services,  government  and  many 
other  sectors. 

We  are  InterSystems,  a  specialist  in  data  manage¬ 
ment  technology  for  twenty-five  years.  We  provide 
24x7  support  to  four  million  users  in  88  countries. 
Cache  is  available  for  Windows,  OpenVMS,  Linux  and 
major  UNIX  platforms  -  and  it  is  deployed  on  systems 
ranging  from  two  to  over  10,000  simultaneous  users. 
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£  CACHE 

Make  Applications  Faster 

Try  a  belter  database.  For  free. 

Download  a  free,  fully- functional,  non-expiring  version  of  Cache  or  request  it  on  CD  at  www. I nterSvste ms.com  /robust 
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CASE  STUDY 

Cruise  Line  Changes  Bl  Tack 

Holland  America  Line  is  replacing  a  cumbersome, 
big-iron-based  business  intelligence  reporting  sys¬ 
tem  with  a  Web-based  one  that  end  users  can  more 
easily  and  flexibly  access.  Page  32 


QUICKSTUDY 

Aspect-Oriented  Programming 

AOP  is  a  way  of  creating  common  or  similar  functionali¬ 
ty  needed  by  different  parts  of  a  program.  In  this 
method,  specialized  mechanisms  compose  code  mod¬ 
ules,  called  aspects,  into  a  coherent  program.  Page  33 


SECURITY  MANAGER’S  JOURNAL 

Mop-up  Continues  in  Worm  Aftermath 

Without  automated  tools  to  manage  patches 
and  virus  updates,  Mathias  Thurman’s  effort  to 
eradicate  Blaster  fails  and  the  worm  continues  to 
creep  in  through  unprotected  machines.  Page  34 


homes,  facilities  engineers  say.  So 
Sawyer  can  spread  out  the  racks  or 
partially  fill  each  one  to  reduce  overall 
wattage  per  square  foot,  or  he  can  add 
localized,  spot-cooling  systems. 

Although  most  data  centers  don’t 
have  many  high-density  racks  today, 
data  center  managers  are  beginning  to 
replace  server  racks  with  more  com¬ 
pact  designs,  some  of  which  accommo¬ 
date  more  than  300  servers  in  a  single 
42U  rack.  (1U  is  1.75  in.)  “You  can  see  a 
train  wreck  coming,”  says  Kenneth 
Brill,  executive  director  at  The  Uptime 
Institute  Inc.  in  Santa  Fe,  N.M. 

And  while  vendors  say  their  systems 
are  designed  to  run  efficiently  in  fully 
loaded  racks,  they  don’t  necessarily 
take  into  account  the  broader  impact 
that  large  numbers  of  such  racks  will 
have  on  the  rest  of  the  data  center. 

“We  can  deal  with  one  or  two  of 
these  things,  but  we  don’t  know  how  to 
deal  with  lots  of  them,”  says  Brill. 

The  problem  is  compounded  by  two 
facts:  Every  data  center  is  designed  dif¬ 
ferently,  and  the  industry  has  yet  to 
agree  on  a  standard  for  designing  data 
center  cooling  systems  that  can  handle 
15  to  20  kw  per  rack. 

The  current  guidelines  from  the 
American  Society  of  Heating,  Refriger¬ 
ating  and  Air-Conditioning  Engineers 
Inc.  (ASHRAE)  are  outdated,  says  Ed¬ 
ward  Koplin,  president  of  Jack  Dale 
Associates  PC,  an  engineering  consult¬ 
ing  firm  in  Baltimore.  “Design  engi¬ 
neers  are  using  standards  from  the 
days  of  punch  cards  and  water-cooled 
Continued  on  page  26 


John  sawyer  manages  data  cen¬ 
ters  for  corporate  clients  every 
day.  His  company,  Johnson 
Controls  Inc.,  has  plenty  of  ex¬ 
perience  in  data  center  design 
and  management.  Nonetheless, 
the  Milwaukee-based  company’s  care¬ 
fully  designed  and  planned  data  center 
recently  experienced  overheating 
problems  after  installing  blade  servers. 

Many  data  center 
managers  are  just  be¬ 
ginning  to  contem¬ 
plate  large-scale  de¬ 
ployments  with  mul¬ 
tiple  racks  of  ultra¬ 
compact  blade 
servers.  These  new 
systems  take  up  far 


INSIDE 


Ultradense  1U  and  blade  server  racks  are  blazingly  fast 
-  and  amazingly  hot.  Keeping  them  from  burning  up  is  more 
complicated  than  you  might  think.  By  Robert  L.  Mitchell 


Moving  Toward 


Blade  servers  offer 
many  advantages 
over  111  servers,  but 
they're  not  always 
the  better  choice. 


Page  30 


less  space  than  traditional  rack-mount¬ 
ed  servers,  but  they  dramatically  in¬ 
crease  heat  density.  Throwing  multiple 
racks  of  them  into  a  data  center  can  re¬ 
sult  in  problems  ranging  from  outright 
failures  to  unexplained  slowdowns  and 
shortened  equipment  life. 

“Today,  because  of  the  way  the  air 
handlers  are  configured,  we  can’t  han¬ 
dle  more  than  2  kilowatts  per  rack,” 
says  Sawyer,  head  of  critical  facility 
management  services  at  Johnson  Con¬ 
trols.  Sawyer  says  new  air-handling 
equipment  can  boost  that  figure  into 
the  3-to-4-kw  range.  But  new  blade 
servers  could  consume  15  kw  per  hour 
or  more  when  fully  loaded.  That 
equates  to  more  British  thermal  units 
per  square  foot  than  a  typical  house¬ 
hold  oven  and  requires  a  cooling  ca¬ 
pacity  sufficient  to  air-condition  two 
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Continued  from  page  25 
mainframes,”  he  says.  Atlanta-based 
ASHRAE  is  working  hard  on  new  ther¬ 
mal  guidelines,  says  Don  Beaty,  chair 
of  the  group’s  High-density  Electronic 
Equipment  Facility  Cooling  Commit¬ 
tee.  Ele  expects  a  published  standard 
by  year’s  end. 

But  rack  cooling  is  a  big  concern 
right  now  for  Ron  Richardson,  staff 
manager  in  the  IT  operations  center  at 
Qualcomm  Inc.  in  San  Diego.  The 
company’s  chip  division  wants  to  up¬ 
grade  a  large  engineering  compute 
farm  to  make  the  best  use  of  its  design 
software.  “If  our  business  unit  had  its 


Hot  Tips 

For  Keeping  Racks  Cool 
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Consider  spreading  out  hot 
racks  to  reduce  average  heat 
density  per  square  foot. 

Map  the  vertical  profile  of  in¬ 
take  air  temperatures  in  the 
computer  room  at  least  once  a 
quarter.  Keep  temperatures  at 
or  below  75  degrees. 


Keep  bypass  airflow  under 
raised  floors  at  10%  or  below 
by  sealing  raised  floor 
openings. 

Install  the  proper  quantity  of 
perforated  tiles  in  the  cold  aisle. 
Use  40%  or  60%  open  grates 
for  densities  above  3  kw  per 
cabinet. 


8 


Remove  turning  vanes  on  cool¬ 
ing-unit  discharge  air  ducts. 
These  increase  vertical  cold-air 
velocity  and  starve  equipment 
closest  to  the  cooling  unit. 

Raise  cooling  unit  return-air  set 
points  to  72  degrees  to  reduce 
dehumidification  and  increase 
available  cooling  capacity.  (Do 
only  after  bypass  airflow  is  at  or 
below  20%). 

Consider  relocating  cooling 
units  if  hot  spots  persist. 


ip  Keep  that  old  mainframe  water- 
•  v  cooling  system.  Chilled  water 
will  be  coming  back  within  12  to 
24  months  for  high-end  biade- 
sarver  products. 


i- 

i 


Use  a  hot  aisle/cold  aisle  con¬ 
figuration  and  follow  best  prac¬ 
tices.  (See  QuickLink  a3650.) 

Install  internal  blanking  panels 
to  fill  openings  within  the  face 
of  the  rack  or  cabinet  to  prevent 
internal  back-to-front  hot-air 
recirculation. 


SOURCE  THE  JPTiME  RESTITUTE  INC..  SANTA  FE.  N.M 


way,  they  would  want  100  racks  full  of 
[blade]  servers,  but  I  don’t  think  we’ll 
be  able  to  do  that.  Fifteen  kilowatts  is 
incredible.  You  have  to  do  extraordi¬ 
nary  things  to  cool  that  unless  you 
want  to  burn  them  up,”  he  says.  And 
the  idea  of  leaving  racks  partially  filled 
is  a  nonstarter.  “Who  wants  to  put 
servers  in  [part  of]  the  rack  and  leave 
the  rest  empty?”  he  says. 

Some  heat-related  problems  come 
from  inadequately  designed  environ¬ 
ments,  say  engineers.  “We  find  that 
people  consistently  have  trouble  cool¬ 
ing  2-  or  3-kw  racks.  It’s  common  to 
find  a  10-degree  difference  between 
the  floor  and  the  top,”  says  Pitt  Turner, 
principal  at  ComputerSite  Engineering 
Inc.,  also  in  Santa  Fe,  and  a  consultant 
at  The  Uptime  Institute.  The  problem 
is  usually  airflow.  “Normally,  we  find 
excess  [cooling]  capacity  is  installed  in 
the  floor,  and  it’s  poorly  used,”  he  says. 

Avoiding  a  Blowout 

When  rack-top  temperatures  exceed 
75  degrees  Fahrenheit,  heat-related 
problems,  such  as  failures  or  shortened 
equipment  life,  may  begin  to  crop  up. 

In  addition,  many  high-end  blade  proc¬ 
essors  are  designed  to  reduce  clock 
speed  as  temperatures  rise.  This  pro¬ 
tects  components,  but  administrators 
who  aren’t  monitoring  air-intake  tem¬ 
perature  at  the  top  of  the  racks  might 
misinterpret  the  cause  and  add  more 
blades  to  try  to  increase  performance, 
adding  fuel  to  the  not-so-proverbial 
fire,  Brill  says. 

Richardson  decided  to  design  a  new 
data  center  to  accommodate  blade 
servers.  “We  believe  we  can  do  10  kw 
per  rack,”  he  says.  The  plan  uses  a  hot 
aisle/cold  aisle  design  that  involves 
placing  rows  of  racks  so  that  racks  face 
one  another.  Chilled  air  from  the  cold- 
aisle  floor  passes  into  each  rack  and 
out  the  back  into  hot-air  aisles,  where 
it’s  removed  and  cooled  again. 

Going  beyond  that  would  require 
adding  spot  cooling  devices  to  individ¬ 
ual  racks.  Liebert  Corp.,  a  Columbus, 
Ohio-based  division  of  Emerson  Net¬ 
work  Power  Systems  Inc.,  offers  de¬ 
vices  designed  to  pull  hot  air  out  of 
racks  and  cool  it  quickly,  including  ceil¬ 
ing-mounted  air-conditioning  units  and 
bolt-on  exhaust  fans  that  suck  hot  air 
directly  off  the  back  of  racks.  The  prob¬ 
lem  with  that  approach  is  scalability, 
says  Brian  Benson,  senior  mechanical 
engineer  at  consulting  firm  Mazzetti  & 
Associates  Inc.  in  San  Francisco.  “If 
you  put  500  of  those  racks  in,  your  seal- 
ability  and  the  maintenance  [require¬ 
ment]  become  incredible,”  he  says. 

Consultants  disagree  on  how  many 


eServer  Blade  Center  HS20  (84  blades) 

Sun  SunFire  B  series  (224  blades) 
RLX  ServerBlade  3000i  (70  blades) 


Dell  PowerEdge  1655MC  (84  blades) 

*  ProLiant  BL  e-Class  (280  blades) 

Home  oven 


Maximum  kilowatts 
consumed  in  a  fully 
populated,  421)  rack 


These  are  the  maximum  power  requirements  for  a  sampling  of  server  blades  when  operating  in 
a  fully  loaded  rack.  Maximum  blades  per  rack  and  wattage  information  is  based  on  vendor- 
supplied  data.  The  household  oven  wattage  is  included  as  a  reference  point  for  relative  overall 
heat  load  but  is  not  directly  comparable  since  server  racks  are  taller  and  have  a  larger  volume. 


kilowatts  can  be  cooled  effectively 
with  a  traditional,  raised-floor  comput¬ 
er  room  air-conditioning  system.  Most 
say  4  to  5  kw  is  the  upper  limit,  but  the 
real-world  answer  depends  on  each 
data  center’s  design. 

Each  kilowatt  of  load  requires  pass¬ 
ing  140  cubic  feet  per  minute  of  air 
through  the  rack  for  proper  cooling, 
says  Fred  Stack,  a  vice  president  at 
Liebert.  “In  tomorrow’s  rack,  you’re 
looking  at  [more  than]  1,000  cubic  feet 
of  air  per  minute,”  he  says. 

That’s  solvable,  says  Brill,  but  there’s 
no  margin  for  error.  “You  absolutely 
have  to  do  about  a  dozen  things  cor¬ 
rectly,  and  most  sites  aren’t  going  to  do 
that,”  he  says.  That  includes  adequate 
under-floor  space  that’s  sealed  and 
clear  of  cabling,  pipes  and  other  ob¬ 
structions  as  well  as  racks  that  are 
meticulously  sealed  to  control  airflow. 

Buying  extra  cooling  capacity  can  be 
just  as  disastrous  as  an  undersized  sys¬ 
tem  if  it  pushes  the  air  under  the  floors 
too  quickly,  says  Neil  Rasmussen,  chief 
technology  officer  at  American  Power 
Conversion  Corp.  in  Kingston,  R.I. 

“The  fact  that  it’s  flowing  quickly  un¬ 
der  the  floor  actually  causes  a  Venturi 
effect  that  sucks  air  down  into  the 
floor  instead  of  pushing  it  up  into  the 
cold  aisle,”  he  says.  Air  from  the  hot 
aisle  then  flows  over  the  top  of  the 
racks  and  recirculates  through  the 
equipment,  overheating  it. 

Bob  Sullivan,  a  consultant  at  Com¬ 
puterSite  Engineering,  says  he  has 
cooled  7-kw  racks.  But,  he  says,  “it  re¬ 
quires  so  much  air  coming  out  from 
under  the  floor  that  you’re  limited  to 
cooling  about  six  racks  with  a  large 
cooling  unit.”  Overall  load  across  the 
data  center  still  needs  to  stay  at  under 
100  watts  per  square  foot,  he  says.  “Be¬ 
yond  that,  you’re  losing  more  space  to 
cooling  than  you’re  saving  by  com¬ 
pressing  the  racks,”  he  says. 


Meanwhile,  blade  vendors  Hewlett- 
Packard  Co.,  Sun  Microsystems  Inc. 
and  IBM  say  that  blades  will  get  small¬ 
er  and  more  powerful.  IBM,  which  has 
been  down  this  road  before  with  main¬ 
frames,  says  cooling  may  be  going  back 
to  the  future.  “We  don’t  want  to  move 
to  water  cooling,  but  it  feels  like  it’s  in¬ 
evitable.  By  the  end  of  next  year,  we’ll 
be  on  the  brink  of  that,”  says  Jeff 
Benck,  vice  president  of  IBM’s  eServer 
BladeCenter.  And  by  2005,  Benck  says, 
external  water  systems  that  cool  at  the 
individual  blade  or  blade  chassis  level 
will  be  required  equipment. 

HP’s  current  designs  use  blade- 
mounted  fans,  and  the  company  says  it 
should  be  able  to  cool  individual  racks 
at  up  to  18  kw.  However,  Sally  Stevens, 
director  of  marketing  for  blades  at  HP, 
doesn’t  recommend  deploying  blades 
in  fully  loaded  racks. 

Sun  owns  the  Sparc  CPU  used  in  its 
blades  and  therefore  has  more  control 
over  the  design,  but  Chief  Technolo¬ 
gist  Subodh  Bapat  says  the  company  is 
also  looking  toward  liquid  cooling. 

As  server  density  increases,  Johnson 
Controls’  Sawyer  worries  that  more 
complex  cooling  designs  will  increase 
costs  and  create  ongoing  maintenance 
headaches.  “We  need  an  alternative 
that’s  going  to  be  feasible  and  at  the 
same  time  not  elevate  risk,”  he  says. 

Qualcomm’s  Richardson  says  he  has 
discussed  the  issue  with  several  ven¬ 
dors.  “Every  one  has  some  little  tidbit 
that  you  can  learn,  but  nobody  seems 
to  have  every  answer.”  ©  41566 

CHILLOUT 

Collaboration  between  IT  and  facilities  staffs 
will  be  critical  as  server  densities  increase: 
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ASHRAE  is  working  on  updated  standards  for 
data  center  cooling: 

QuickLink  41664 
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The  right  management  can 
increase  the  storage  capacity  of  your 
existing  infrastructure. 


BrightStor®  Storage  Management  Software 

All  the  hardware  in  the  world  can't  solve  increasingly  complex  data  storage  problems. 
That's  why  it's  more  important  than  ever  to  have  the  right  management  software.  With 
BrightStor  storage  management  software,  you  can  now  maximize  every  bit  of  your 
existing  bytes  so  your  hardware  can  perform  to  its  full  potential,  rather  than  operate  at 
partial  capacity.  In  addition,  you  can  not  only  store  data,  but  actually  access  it  when 
you  need  to  in  order  to  make  smarter  business  decisions.  BrightStor  also  integrates 
easily  with  all  of  your  existing  software  and  hardware  and  is  automated  so  your 
employees  can  focus  on  the  business,  not  the  process.  Best  of  all,  better  storage 
management  means  lower  total  cost  of  ownership  and  higher  ROI.  So  you  may  even 
need  to  make  more  space  for  revenue  on  your  bottom  line.  To  find  out  how  to  make 
the  most  of  your  IT  storage  environment,  go  to  ca.com/storage. 
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Weighing  the  Change  to 

Blades 

New  advances  are  extending  the  range  of  applications 
for  blade  servers,  but  in  many  situations,  a  traditional  server 
may  still  be  the  best  choice.  By  Julia  King 


AS  IBM,  HEWLETT-PACKARD  CO. 

and  other  system  vendors  push 
to  market  ever  more  powerful 
and  lower-cost  blade  servers, 
evidence  is  mounting  that  these 
ultracompact  servers  may  be 
ready  to  move  beyond  traditional  appli¬ 
cations  such  as  Web  server  farms.  But 
users  and  analysts  say  they’re  more 
likely  to  coexist  with  traditional  rack 
servers  than  they  are  to  replace  them. 

Blade  servers  reduce  hardware  com¬ 
ponents  and  save  data  center  space  by 
condensing  the  power  and  bulk  of  tradi¬ 
tional  servers  onto  a  single  high-density 
circuit  board.  These  typically  plug  ver¬ 
tically  into  a  chassis  that’s  3U  or  taller 
and  slides  neatly  into  a  standard  server 
rack.  (A  1U  device  is  1.75  in.  high.) 

Blade  servers  can  also  be  more  flexi¬ 
ble  and  easier  to  manage 
than  traditional,  rack-mount¬ 
ed  servers.  This  flexibility 
comes  from  the  ability  to 
swap  out  different  preconfig¬ 
ured  blades  into  a  single 
chassis  as  business  require¬ 
ments  change. 

But  such  advantages  over  compact 
1U  servers  so  far  haven’t  —  and 
shouldn’t  —  make  blade  servers  the 
automatic  choice  every  time,  analysts 
and  users  say. 

A  Different  Architecture 

“There’s  still  a  pretty  considerable  role 
in  the  universe  not  just  for  1U  servers, 
but  for  2Us  and  3Us,”  particularly 
where  there’s  a  need  for  local  data 
storage,  says  Jonathan  Eunice,  an  ana¬ 
lyst  at  Illuminata  Inc.  in  Nashua,  N.H. 
“When  you  get  to  blades,  which  are 
sub-U  density,  you  start  to  lose  the 
space  to  put  in  disk  drives.” 

Some  blades,  such  as  IBM’s  HS20, 
offer  onboard  support  for  a  few  disk 
drives.  But  most  blades  gain  access  to 


storage  through  a  Fibre  Channel  link 
or  across  Ethernet.  “That’s  a  different 
architecture  than  many  users  are  ac¬ 
customed  to,  so  blades  mean  a  cultural 
shift  to  remote  storage,”  Eunice  says. 

“There  are  times  when  a  1U  [server] 
makes  more  sense,”  says  Jeff  Benck,  di¬ 
rector  of  blade  server  products  at  IBM. 
Specifically,  if  a  user  is  looking  to  de¬ 
ploy  fewer  than  five  servers,  blades 
aren’t  the  right  choice,  he  notes. 

At  the  same  time,  developments  in 
blades,  such  as  the  addition  of  more- 
powerful  processors  and  new  network 
and  storage  connectivity  options,  are 
enabling  their  deployment  for  a  wider 
range  of  enterprise  applications  that 
must  scale  up  instead  of  out,  such  as 
databases,  vendors  say. 

HP’s  four-processor  BL40p  blade, 
for  example,  has  dual  on¬ 
board  PCI-X  slots  that  ac¬ 
commodate  Fibre  Channel 
host  bus  adapters  for  con¬ 
necting  to  large  storage-area 
network  (SAN)  clusters 
used  in  running  corporate 
applications,  such  as  mes¬ 
saging  or  ERP  systems,  says  Sally 
Stevens,  HP’s  director  of  blade  server 
platforms.  “This  line  of  blade  servers 
addresses  enterprise-class  applica¬ 
tions.  We  can  hit  all  of  the  applications 
a  traditional  server  hits,”  she  claims. 

For  Larry  Scott,  manager  of  server 
support  at  Dollar  Rent  A  Car  Inc.  in 
Tulsa,  Okla.,  cost  was  the  primary 
driver  behind  the  company’s  decision  to 
move  to  HP  ProLiant  BL  e-Class  blade 
servers  for  a  range  of  applications  that 
includes  front-end  Web  services  to 
midlevel  data  center  applications. 

“Twelve  months  ago,  when  the 
whole  industry  was  really  constrained, 
[the  ProLiant  BL  e-Class]  was  the  low- 
est-end  server  you  could  get,”  Scott  re¬ 
calls.  “Truthfully,  we  looked  at  [VM- 


ware  Inc.’s  virtualization  software], 
but  when  HP  came  out  with  its  Gener¬ 
ation  1  blades,  it  was  the  same  price  as 
VMware,  and  we’d  really  prefer  hard¬ 
ware  over  software.  That  was  the  tack 
we  took.” 

Also,  Scott  pointed  out  that  blade 
servers  have  “a  fairly  nominal  learning 
curve.”  HP  offers  software  tools  to  aid 
with  blade  server  deployment,  but 
these  tools  can  also  be  used  across 
rack  and  tower  servers.  “So  it’s  not  lim¬ 
ited  to  blades,”  he  notes. 

Meeting  Processing  Needs 

Another  blade  user,  Keith  Grimes, 
chief  technology  officer  at  Memphis- 
based  Investigation  Technologies 
LLC,  which  does  business  under  the 
name  of  Rapsheets,  says  he  chose 
IBM’s  eServer  BladeCenter  to  more  ef¬ 
ficiently  handle  the  ever-increasing 
processing  demands  of  customers 
searching  the  150  million  criminal 
records  in  the  company’s  database. 

“We  were  using  IBM  cluster  servers 
and  clustering  together  four  or  five 
servers  for  redundancy  and  fault  toler¬ 
ance,”  Grimes  recalls.  Now,  Rapsheets 
is  running  seven  blades  with  dual  Xeon 
processors  that  boot  directly  off  a  SAN. 
“There  are  no  hard  drives,  and  Blade- 
Center  allows  14  blades  to  be  on  one 
Fibre  [Channel]  connection  [to  the 
SAN],  thereby  increasing  the  efficiency 
of  the  processing  power  vs.  the  stor¬ 
age,”  says  Grimes. 

BladeCenter  also  makes  it  easier  to 
do  distributed  processing,  he  adds.  “We 
may  search  a  name  up  to  12  different 
ways,  flip-flopping  first  and  last  names 
or  using  initials,  and  the  way  our  appli¬ 
cation  is  written,  we  can  spin  off  the 
searches  to  different  blades  and  let 
them  operate  on  their  own  to  optimize 
the  database  and  then  return  all  of  the 
results  and  aggregate  them,”  he  notes. 

“I  can  search  by  first  name,  last 
name  and  date  of  birth  and  create  an 
index.  Then  I  can  create  another  index 
on  the  last  name  and  middle  name.  It’s 
faster  than  having  both  indexes  on  one 
database,”  he  says,  adding  that  the 
turnaround  time  is  less  than  a  second. 

One  downside  to  blades  is  that  they 
have  problems  with  heat  dissipation 
(see  story,  page  25).  “IBM  has  actually 
installed  a  blower  on  the  back  of  the 
blade  chassis  that  can  get  pretty  loud.  It 
sounds  like  a  small  jet  engine  or  several 
hair  dryers  taking  off  at  once,”  Grimes 
says.  Rapsheets  houses  the  server  rack 
in  a  separate,  air-conditioned  room. 
Users  considering  migrating  to  blades 
should  plan  for  their  cooling  require¬ 
ments  accordingly,  Grimes  notes. 

©  41248 


“There’s  still  a  pretty 
considerable  role  in 
the  universe  not  just 
for  1U  servers,  but  for 
2Us  and  3Us.” 

Jonathan  Eunice, 
analyst,  Illuminata  Inc. 


Blade  Offerings 


A  sampling  of  options 
from  major  server  vendors 


Hewlett-Packard  Co. 


■  Offerings:  HP’s  BL  series  includes  one-  to 
four-processor  blades  with  optional  support 
for  two  onboard  2Gbit/sec.  Fibre  Channel 
host  bus  adapters  in  its  BL40p  blades.  HP 
also  offers  a  high-density,  single-processor 
BL  e-Class  server  line. 

■  Differentiation:  HP  is  the  only  vendor 
currently  offering  four-processor  blades. 


M0M- 


m  Dual-processor  HS20  server 

blades  for  its  BladeCenter  line;  IBM  plans  to 
introduce  a  four-processor  blade  with  SAN 
connectivity  later  this  year.  IBM’s  blades 
include  integrated  Gigabit  Ethernet. 

■  Differentiation:  IBM  claims  it  was  the  first 
to  offer  an  integrated  Layer  2-7  Ethernet 
switch  that  plugs  into  its  blade  chassis. 
Functions  include  routing,  application  health 
checking,  network  and  application  load 
balancing,  and  embedded  security. 


Sun  Microsystems  Inc. 


■  Offerings:  The  Sun  Fire  B1600  Blade 
Platform  supports  up  to  16  blade  servers  based 
on  Sun  UltraSparc  processors  or  Intel  Corp. 
x86  processors  in  a  3U  chassis.  The  x86 
blades  will  run  Solaris  or  Linux;  Sparc  blades 
run  only  Solaris. 

■  Differentiation:  Sun  is  the  only  vendor  to 
offer  mix-and-match  operating  system 
capabilities  on  its  blades. 


Dell  Inc. 


■  Offerings:  Dell’s  dual-processor 
PowerEdge  1655MC  accommodates  up  to  six 
server  blades  in  a  3U  chassis. 

■  Differentiation:  Dell  touts  its  free  Open 
Manage  Remote  Install  tool  that  lets  users 
set  up  and  capture  an  image  of  the  server 
operating  system  and  transmit  it  across  a 
network  to  configure  new  blades. 


■  Offerings:  Offers  blade  servers  that  use 
both  Transmeta  Corp.  and  Intel  processors. 
RLX  ServerBlades  plug  into  a  chassis  and 
include  dual  onboard  Ethernet  connections 
and  up  to  two  hard  drives.  Its  performance 
blades  include  support  for  dual  4x  InfiniBand 
or  2Gbit/sec.  Fibre  Channel  adapters. 

■  Differentiation:  RLX  says  its  blade-server 
management  tools  are  its  biggest  advantage. 


There’s  a  communications  network  we  can  all  learn  from 


You  already  have  an  incredibly  efficient  communication  network  -  your  people.  BT  can  offer  you  complete  business  solutions  to 
orchestrate  that  natural  potential  in  your  business.  We  work  with  5,000  companies  and  have  more  than  17  years  of  global  account 
management  experience.  Which  means  that  we  have  the  experience  but  you  have  an  inbuilt  infrastructure  that  is  infinitely  more 
valuable. ..people.  Because  we  understand  that  in  business,  communication  is  everything. 


www.bt.com/globalservices 
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Cruise  Line 
Changes  Bl  Tack 

Web-based  reporting  system  promises  returns  in 
sales,  marketing  and  management.  By  Marc  L.  Songini 


N  AN  ATTEMPT  TO  NAVIGATE  rough 
economic  seas,  Holland  America 
Line  Inc.  is  trading  its  cumbersome 
old  big-iron-based  business  intelli¬ 
gence  reporting  system  for  a  Web- 
based  one  that  end  users  can  more 
easily  and  flexibly  access. 

The  move  was  triggered  by 
the  Seattle-based  cruise  compa¬ 
ny’s  decision  to  use  improved  BI 
tools  in  order  to  make  an  addi¬ 
tional  $1  million  annually  through 
more  efficient  sales,  marketing  and 
revenue  management.  This  required 
changes  to  its  existing  reporting  and 
analysis  system. 

Prior  to  launching  the  upgrade  to 


the  new  reporting  system  a  year  ago, 
the  information  systems  staff  needed 
to  access  operations  information  from 
the  company’s  IBM  S/390  mainframe 
and  format  it  into  reports,  says  Jon 
Dawson,  Holland  America  project 
manager. 

The  reports  included  every¬ 
thing  from  small,  ad  hoc  in¬ 
quiries  to  major  “canned”  re¬ 
ports  that  were  prepared  weekly 
to  assess  the  company’s  revenue  and 
inventory  performance,  says  Paul 
Grigsby,  senior  revenue  manager  at 
Holland  America. 

To  improve  this  system,  Holland 
America  installed  software  from  Infor¬ 


mation  Builders  Inc.,  a  New  York- 
based  BI  software  maker.  Dawson  says 
the  cruise  company  implemented  In¬ 
formation  Builders’  WebFocus  analysis 
tool  to  connect  to  the  mainframe 
through  an  adapter  and  pull  out  the 
relevant  information  for  queries  and 
reports.  The  application,  which  runs 
on  a  Sun  Microsystems  Inc.  box  with  a 
single  CPU,  uses  extract,  transform 
and  load  data-prepping  technology  for 
use  with  Microsoft  Excel  or  Word.  The 
system  also  includes  WebFocus  Re¬ 
porting  Server,  which  enables  users  to 
do  analysis,  reporting  and  querying. 

Dawson  says  that  turning  around  re¬ 
port  requests  previously  took  up  to 
two  days.  Using  the  WebFocus  BI  dash¬ 
board,  Holland  America’s  IS  staff  can 
fine-tune  parameters  and  turn  over  re¬ 
ports  to  end  users  almost  immediately. 

Some  end  users  even  make  their 
own  reports.  But  in  order  to  do  that 
they  need  to  be  trained  and,  as  Dawson 
says,  “spend  the  time  to  get  to  know 
the  data.” 

According  to  Grigsby,  WebFocus  is 
primarily  used  by  revenue  manage¬ 
ment  personnel  for  the  smaller  reports, 
whereas  IS  staffers  working  off  the 
mainframe  still  handle  the  bigger  ones. 

Starting  Slowly 

“We’re  still  growing  the  system,”  says 
Dawson.  “It’s  the  tip  of  the  iceberg.” 

For  instance,  Holland  America  is 
working  to  define  the  data  needed 
from  the  ships  to  analyze  onboard 
spending  by  department  and  for  spe¬ 
cific  excursion  purposes.  The  compa¬ 
ny  is  facing  limitations  because  of  the 
size  of  the  existing  database  system, 
says  Dawson,  so  it  plans  to  load  the  in¬ 
formation  into  an  Oracle  Corp.-based 
data  warehouse  by  December. 

End  users  are  already  noticing  a  dif¬ 
ference.  A  report  that  required  coding 
and  printing  by  IS  staffers  and  took 
days  to  complete  now  takes  just  min¬ 
utes  to  run  with  WebFocus  on  a  PC, 
says  Grigsby.  “And  this  is  where  the 
flexibility  comes  into  play,”  he  adds.  “If 
I  wish  to  see  a  different  view  of  the 
same  information,  I  can  simply  change 
the  sort  sequence  or  introduce  new 
fields  into  the  inquiry  without  having 
to  formally  request  a  new  report  from 
the  information  systems  department.  It 
makes  both  my  time  and  the  informa¬ 
tion  systems  department’s  time  more 
efficient.” 

The  reports  are  indeed  more  flexible 
and  easier  to  get  to,  says  Teresa  Ten¬ 
nant,  manager  of  online  communica¬ 
tions  for  the  shore  excursion  depart¬ 
ment  at  Holland  America.  Currently, 
the  IT  department  and  a  BI  specialist 


Seattle 


End users 

were  unable  to  access  useful  data 
easily,  which  was  costing  the 
company  money. 

The  company 

replaced  a  mainframe-based 
business  intelligence  reporting 
system  with  a  Web-based  reporting 
and  analysis  system. 


prepare  reports  for  her,  but  Tennant 
plans  to  be  trained  to  prepare  them 
herself. 

After  the  report  is  written,  she  can 
get  it  by  logging  into  a  Web  site  and 
accessing  it  in  whatever  format  she 
wants  —  Excel  or  Word  document  or 
PDF.  Tennant  needs  several  types  of 
reports  for  her  work  and  she’s  able  to 
select  them  from  a  complete  menu. 

“It’s  very  handy.  I  can  drill  down  into 
complete  details  of  the  booking  by 
travel  agency  and  individual,”  she  says. 

There  was  some  doubt  among  the 
company’s  end  users  when  the  project 
began,  says  Grigsby.  “We  are  yield 
managers,  not  computer  programmers, 
and  I  was  frankly  suspicious  about 
putting  the  reporting  function  in  our 
hands,”  he  explains.  “However,  after 
training  and  a  goodly  amount  of  trial 
and  error,  we  began  to  see  the  rewards 
of  empowering  the  end  users.” 

Given  current  conditions  in  the  trav¬ 
el  industry,  which  has  been  squeezed 
by  factors  like  the  SARS  outbreak,  the 
war  in  Iraq  and  the  down  economy, 
Holland  America  needed  to  be  able  to 
rapidly  identify  and  track  industry 
trends,  says  Bill  Hostmann,  an  analyst 
at  Gartner  Inc.  in  Stamford,  Conn. 

The  real  value  of  the  new  system  at 
Holland  America,  Hostmann  says,  “is 
how  it  makes  it  easier  to  develop  and 
distribute  business  management  infor¬ 
mation  to  more  users  in  a  timely  fash¬ 
ion  around  the  world  than  ever  before 
and  thereby  more  fully  leverage  exist¬ 
ing  IT  investments.”  ©  41567 


W  We’re  still  growing 
the  system.  It’s 
the  tip  of  the  iceberg. 

JON  DAWSON,  PROJECT  MANAGER, 

HOLLAND  AMERICA 
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Aspect-Oriented 

Programming 

DEFINITION 

Aspect-oriented  programming  is  a  new  way  of  creating 
common  or  similar  functionality  needed  by  different 
parts  of  a  program.  Programmers  describe  needed 
behavior  in  modules  called  aspects  and  then  rely  on 
specialized  AOP  mechanisms  to  weave  or  compose 
them  into  a  coherent  program. 


BY  RUSSELL  KAY 

TO  UNDERSTAND  aspect- 
oriented  programming 
(AOP),  let’s  first  take  a 
look  at  two  models  of 
labor  union  organization  in 
the  U.S.  The  old  American 
Federation  of  Labor  organized 
workers  vertically,  according 
to  their  particular  craft  or 
trade.  Thus,  a  large  company 
might  have  dozens  or  hun¬ 
dreds  of  unions  to  deal  with, 
each  representing  a  specific 
group  of  workers.  The 
younger  Congress  of  Industri¬ 
al  Organizations,  on  the  other 
hand,  organized  a  single  union 
for  all  workers  in  a  given  in¬ 
dustry  regardless  of  their  indi¬ 
vidual  trades.  - 

Under  the  AFL  ap¬ 
proach,  each  separate 
craft  union  needed  its 
own  officers  and  orga¬ 
nizers,  and  each  would 


have  to  negotiate  separately 
with  management.  The  CIO’s 
horizontal  approach,  however, 
cut  across  the  different  trades; 
it  could  provide  similar  ser¬ 
vices  and  benefits  for  all  work¬ 
ers  in  a  company  en  masse. 

Traditional  programming 
methodologies,  even  struc¬ 
tured  and  object-oriented  ap¬ 
proaches,  are  vertical  or  hier¬ 
archical  in  nature,  like  the  AFL 
model.  For  any  given  applica¬ 
tion,  there  are  a  number  of 
common  operations  that,  be¬ 
cause  of  minor  differences  in 
their  logic,  the  way  they’re 


handled,  the  other  modules 
they  interact  with  or  the  data 
they  use,  must  be  programmed 
separately.  With  AOP,  the  idea 
is  to  look  at  these  operations 
and  abstract  them  in  such  a 
way  that  they  can  be  called 
from  anywhere. 

Method  Calls 

AOP  uses  a  new  type  of  soft¬ 
ware  module,  called  an  aspect, 
that  cuts  across  traditional 
classes  and  organizational 
models.  The  essence  of  AOP 
is  that  every  object-oriented 
program,  well  designed  or  not, 
contains  some  method  calls 
that  appear  in  several  places 
throughout  the  program. 

-  Method  calls  trans¬ 
fer  control  to  a  specif¬ 
ic  closed  subroutine 
within  a  program.  If 
you  change  the  call  to 
a  particular  method  or 


QUICK| 
STUDY  - 


its  error-handling  routine,  you 
may  need  to  make  changes  in 
every  occurrence  of  this  call 
—  potentially  requiring  hun¬ 
dreds  or  thousands  of  manual 
edits.  Such  crosscutting  typi¬ 
cally  occurs  in  distribution, 
synchronization,  failure  han¬ 
dling,  policy  enforcement  and 
performance  optimization,  as 
well  as  in  a  number  of  com¬ 
mon  design  patterns. 

Prior  to  AOP,  developers 
found  it  difficult  to  deal  with 
this  crosscutting  behavior,  be¬ 
cause  separate  pieces  of  iden¬ 
tical  or  nearly  identical  code 


were  scattered  throughout 
many  different  modules.  AOP 
lets  you  program  an  aspect 
once  and  then  reuse  it.  AOP 
encapsulates  behaviors  that 
affect  multiple  classes  into 
reusable  modules.  A  code 
weaver  (which  can  be  an  inter¬ 
preter,  compiler  or  preproces¬ 
sor)  then  combines  the  aspects 
and  the  classes  appropriately. 

Some  developers  have  been 
concerned  because  when  you 
make  a  change  in  an  aspect, 


there’s  generally  no  simple 
way  to  know  which  modules 
will  be  affected  by  it.  But  AOP 
integrated  development  envi¬ 
ronment  extensions  address 
this  problem,  making  it  possi¬ 
ble  to  browse  the  crosscutting 
structure  of  aspects. 

3-D  Programming 

From  their  earliest  days, 
programming  languages  and 
methodologies  have  used 
various  kinds  of  modular 
construction,  such  as  sub¬ 
routines,  functions,  proce¬ 
dures  and  objects. 

Modularity  made  programs 
easier  to  write  and  debug  and 
allowed  reuse  of  sections  of 
code.  Previous  forms  of  modu¬ 
larity  are,  however,  primarily 
hierarchical  —  layers  of  proce¬ 
dure  libraries,  object-oriented 
class  graphs  and  others.  AOP 
adds  to  this  the  ability  to  work 
with  a  modular  structure  that 
cuts  across  these  hierarchies. 

Another  way  to  look  at  AOP 
programming  is  by  relating  it 
to  dimensionality.  Procedural 
programming  deals  with  all 
concerns  in  a  line.  Though  we 
can  move  pieces  of  code  into 
different  functions,  the  main 
stream  still  controls  the  entire 
process.  This  is  the  linear,  one¬ 
dimensional  model. 


When  object-oriented  pro¬ 
gramming  is  introduced,  we 
can  present  the  world  in  com¬ 
puter  language  in  a  more  nat¬ 
ural  way  by  describing  differ¬ 
ent  objects  and  their  func¬ 
tions.  Connections  between 
different  objects  form  a  net¬ 
work.  We  can  think  of  this  as  a 
2-D  model. 

AOP  recognizes  that  this 
model  needs  more  dimen¬ 
sions,  because  crosscutting  or 
distributed  code  can  be  seen 
as  making  extra  connections 
that  can’t  be  mapped  in  a  2-D 
space.  AOP  connects  program 
components  in  a  3-D  way 
without  disrupting  existing 
connections  and  relationships. 
©  41505 

Kay  is  a  Computerworld  con¬ 
tributing  writer  in  Worcester, 
Mass.  Reach  him  at  russkay@ 
charter.net. 
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An  AOP  Glossary 


ADVICE:  Code  that  runs  after 
certain  conditions  are  met.  Ad¬ 
vices  allow  you  to  transparently 
apply  things  like  logging  and 
metrics  to  an  object  model. 

ASPECT:  A  construct,  resem¬ 
bling  classes,  for  addressing 
concerns  that  cut  across  class¬ 
es.  An  aspect  can  contain  meth¬ 
ods  and  fields,  extend  other 
classes  or  aspects,  and  imple¬ 
ment  interfaces. 

CONCERN:  Some  functionality 
or  requirement  necessary  in  a 
system  that  may  or  may  not 
have  been  implemented  in  a 
code  structure.  Concerns  can 
range  from  high-level  notions 
like  security  and  quality  of  ser¬ 
vice  to  low-level  notions  such  as 
caching  and  buffering.  They  can 
be  functional,  like  features  or 


business  rules,  or  systemic,  such  as 
synchronization  and  transaction 
management. 

CROSSCUTTING:  Two  concerns 
crosscut  if  the  methods  related  to 
those  concerns  intersect.  An  aspect 
crosscuts  the  traditional  class  and 
method  boundaries  by  applying  the 
same  code  in  each. 

INTERCEPTOR:  Used  to  implement 
an  advice  in  JBoss  4.0,  a  popular 
Java  application  server. 

INTRODUCTION:  A  way  to  add  meth¬ 
ods  or  fields  to  an  existing  class,  to 
bring  multiple  inheritance  to  plain 
Java  classes  or  to  attach  a  new  API 
to  an  existing  object  model.  Used  in 
JBoss  4.0. 

J0INP0INTS:  Points,  or  hooks,  in  a 
program’s  execution  where  en¬ 
hancements  can  be  added  or  behav¬ 


iors  attached.  For  example, 
joinpoints  could  define  calls  to 
specific  methods  in  a  class. 
METADATA:  Additional  infor¬ 
mation  that  can  be  attached 
to  a  class  or  a  given  instance 
of  an  object,  either  statically  or 
at  runtime.  Metadata  helps 
when  writing  truly  generic  as¬ 
pects  that  can  be  applied  to 
any  object,  but  the  logic  needs 
to  know  class-specific  infor¬ 
mation. 

P0INTCUTS:  Program  con¬ 
structs  that  designate  join- 
points  and  collect  specific  con¬ 
text  at  those  points. 

WEAVE:  To  assemble  an  indi¬ 
vidual  concern  into  a  process 
by  interlacing  different  execu¬ 
tion-logic  fragments  according 
to  some  supplied  criteria. 
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Mop-up  Continues 
In  Worm  Aftermath 

Without  automated  tools  in  place,  patch 
and  virus  signature  update  compliance 
become  increasingly  difficult  to  manage 
By  Mathias  Thurman 


T  HAS  BEEN  more  than  a 
month  since  the  Blaster 
worm  hit,  and  my  company 
is  still  having  problems. 

The  main  one  is  that  we  have 
thousands  of  desktops  and  my 
security  team  and  I  don’t  have 
a  strong  and  fully  automated 
way  to  identify  and  track  up¬ 
dates  on  them. 

This  situation  is  a  nuisance, 
if  not  a  crisis.  We 
know  what  to  do,  and 
we’ve  communicated 
the  need  to  keep  up¬ 
dates  current  to  all 
employees,  but  things 
don’t  always  happen 
the  way  we’d  like. 

We’ve  made  some  network 
configurations  within  our 
routers  to  limit  the  damage  as 
much  as  possible,  but  in  some 
instances  that  has  prevented 
legitimate  business  activity 
from  occurring.  In  some  of 
those  cases,  we’ve  had  to  re¬ 
move  added  access-control 
lists  because  it’s  more  impor¬ 
tant  to  have  revenue-generat¬ 
ing  functions  working  than  it 
is  to  prevent  the  Blaster  worm 
from  propagating. 

Another  challenge  I  face  is 
political.  At  other  companies 
where  I’ve  worked,  the  desk¬ 
top  support  group  was  respon¬ 
sible  for  virus  removal  and 
prevention,  while  the  IT  secu¬ 
rity  group  tracked  down  the 
source  of  any  malicious  activi¬ 
ty.  I  never  wanted  the  security 
team  to  be  the  focal  point  for 
virus  eradication  within  the 
organization,  but  detection 
and  eradication  have  morphed 
into  IT  security  department 
responsibilities.  I’d  like  to 
change  that,  but  if  I  start  try¬ 
ing  to  shift  responsibilities  at 
this  stage  of  the  game,  I’ll  only 


generate  resentment  from  oth¬ 
er  organizations.  So,  my 
staffers  —  all  four  of  them  — 
are  stuck  dealing  with  virus 
updates  and  patches  for  nearly 
10,000  desktops.  That  said,  we 
are  making  progress.  Hopeful¬ 
ly,  within  the  next  week  we’ll 
have  cleaned  up  the  environ¬ 
ment  completely  —  until  the 
next  variant  comes  along. 

Other  than  the 
Blaster  fallout,  this 
week  was  fairly  qui¬ 
et.  I  haven’t  started 
looking  for  a  re¬ 
placement  for  our 
recently  departed 
security  engineer 
because  management  has 
asked  that  I  hold  off  hiring  un¬ 
til  the  end  of  the  year.  In  the 
meantime,  I  have  authoriza¬ 
tion  to  hire  a  consultant  if 
needed. 

I’ve  had  good  luck  with  con¬ 
sultants  in  the  past.  The  only 
problem  is  that  they  eventual¬ 
ly  leave.  At  that  point,  if  the 
consultant  hasn’t  generated 
the  proper  amount  of  docu¬ 
mentation  and  transferred 
critical  knowledge  to  the  staff, 
we’re  left  with  an  unmanage¬ 
able  project. 

In  one  case,  I  hired  a  consul¬ 
tant  to  build  intrusion-detec¬ 
tion  sensors.  No  one  was 


My  staffers -all  four  of 
them  -  are  stuck  dealing 
with  virus  updates  and 
patches  for  nearly 
10,000  desktops. 


working  with  the  consultant, 
however,  and  when  he  left,  he 
didn’t  show  us  the  configura¬ 
tion  or  give  us  the  passwords 
to  the  system.  Luckily,  we 
were  able  to  call  him  back  in, 
and  he  provided  that  informa¬ 
tion  free  of  charge. 

We  now  have  very  strict 
agreements  that  specifically 
identify  documents  that  must 
be  produced  each  week  so  that 
we  don’t  run  into  such  prob¬ 
lems  in  the  future. 

Keeping  Up  to  Date 

I  decided  to  take  advantage  of 
the  lull  in  activity  within  my 
department  to  review  our 
server  baseline  images  to 
make  sure  we’re  keeping  up 
with  patches  and  other  config¬ 
uration  issues  that  affect  both 
our  “jump-start”  infrastruc¬ 
ture  for  new  installations  and 
the  retrofit  of  our  existing  sys¬ 
tems.  I  also  examined  our  net¬ 
work  infrastructure  to  ensure 
that  the  same  controls  are  in 
place  for  our  networking  gear. 

Within  the  department,  we 
have  been  keeping  track  of  ad¬ 
visories  and  patch  releases 
from  our  major  operating  sys¬ 
tem,  hardware  and  software 
vendors.  We  typically  do  this 
by  subscribing  to  various  au¬ 
tomated  advisory  services  and 
visiting  certain  Web  sites.  We 
then  forward  the  advisories  to 
the  relevant  departments  for 
implementation. 

For  example,  Cisco  last 
week  rereleased  an  advisory 
that  it  first  announced  in  July 
relating  to  the  potential  for 
denial-of-service  attacks  on  its 
Catalyst  switches.  I  forwarded 
the  advisory  to  our  network 
group,  but  I  never  followed  up 
to  ensure  that  the  appropriate 
software  updates  for  the  Cata¬ 
lyst  switches  were  installed. 

The  network  engineering 
department  maintains  a  list  of 
all  our  routers  and  switches.  I 
selected  a  group  of  switches  at 


random  and  asked  one  of  the 
network  engineers  to  capture 
the  configuration  data  by  issu¬ 
ing  the  “show  running  config” 
command  and  to  send  the  re¬ 
sults  to  me  by  e-mail. 

Unfortunately,  this  clunky 
method  is  the  quickest  way  for 
me  to  verify  that  our  switches 
aren’t  susceptible  to  this  vul¬ 
nerability.  At  some  point,  we 
will  invest  in  patch  manage¬ 
ment  software,  but  that  didn’t 
make  this  year’s  budget. 

After  reviewing  the  list  of 
switches,  I  found  that  quite  a 
few  hadn’t  been  upgraded. 
However,  this  was  mainly  due 
to  the  fact  that  Cisco  hadn’t 
supplied  the  maintenance  re¬ 
lease  for  one  particular  ver¬ 
sion  of  the  switch.  In  lieu  of 
that,  our  network  engineers 
took  mitigating  steps  by  con¬ 
figuring  access-control  lists  on 
the  switches  to  allow  only  le¬ 
gitimate  workstations  to  con¬ 
nect  to  the  administrative  port 
on  the  switches. 

I  also  checked  on  a  recent 
vulnerability  in  the  Solaris  9 
file  transfer  protocol  server 
software.  The  FTP  server  is 
based  on  WU-FTPD,  a  file- 
transfer  program  from  Wash¬ 
ington  University  in  St.  Louis. 

The  program  has  a  buffer 
overflow  vulnerability  that  an 
attacker  can  exploit  to  gain 
unauthorized  root-level  ac¬ 
cess.  This  can  be  remedied 
with  a  patch.  I  reasoned  that  if 
I  checked  our  FTP  servers  for 
the  presence  of  the  patch  and 
found  it  to  be  consistently  in¬ 
stalled,  I  could  assume  that 
the  systems  administrators  are 
attending  to  patch  manage¬ 
ment  on  a  regular  basis.  Once 
we  get  our  hands  on  some 
patch  management  software, 
we  hope  to  automate  the  au¬ 
diting  of  our  infrastructure.  At 
this  point,  I’m  looking  for  sug¬ 
gestions.  But  there’s  no  sense 
moving  forward  until  we  have 
a  budget  for  this  in  place.  I 

WHAT  DO  YOU  THINK? 

This  week’s  journal  is  written  by  a  real  securi¬ 
ty  manager,  "Mathias  Thurman,"  whose 
name  and  employer  have  been  disguised  for 
obvious  reasons.  Contact  him  at  mathias. 
thurman@yahoo.com,  or  join  the  discussion 
in  our  forum  QuickLink  a1590 

To  find  a  complete  archive  of  our 
Security  Manager's  Journals,  go  online  to 
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Security  Bookshelf 

Incident  Response  and 
Computer  Forensics,  Second 
Edition,  by  Chris  Prosise, 

Kevin  Mandiaand 
MattPepe;  Mc¬ 
Graw-Hill  Osborne 
Media,  2003. 

The  most  difficult  as¬ 
pect  of  an  intrusion 
investigation  is  the 
analysis  of  the  foren¬ 
sic  evidence.  Whether 
you’re  a  newbie  or  a  seasoned 
professional,  this  book  is  a 
great  reference  to  use  during 
an  investigation  or  to  review  to 
keep  up  your  forensics  skills. 
Packed  with  some  great  mate¬ 
rial  and  presented  in  a  read¬ 
able  style,  this  book  takes  se¬ 
curity  professionals  from  initial 
data  collection  through  an  ac¬ 
tual  analysis.  It  includes  plenty 
of  references,  real-world  ex¬ 
amples  and  explanations  of 
tools  and  techniques. 

-Mathias  Thurman 


Layer  7  Offers  Web 
Services  Security 

Start-up  Layer  7  Technologies 
Inc.  has  introduced  Secure- 
Span  Solution,  a  set  of  prod¬ 
ucts  for  securing  and  connect¬ 
ing  Web  services  that  includes 
a  gateway  appliance,  a  soft¬ 
ware  policy  manager  and  an 
agent  technology. 

SecureSpan  Gateway  en¬ 
forces  security  and  access 
policies  across  multiple  end¬ 
points,  while  SecureSpan 
Manager  creates  and  manages 
the  policies  and  routes  them  to 
agents  that  sit  on  the  endpoint 
(the  consumer  of  the  Web 
service). 

The  gateway  can  deliver  a 
different  set  of  policies  for 
each  endpoint,  according  to 
the  Vancouver,  British  Colum¬ 
bia-based  company. 

Layer  7  co-founder  and 
Chief  Technology  Officer 
Toufic  Boubez  co-authored  the 
UDDI  service  discovery  proto¬ 
col  and  was  once  the  chief 
architect  for  IBM’s  Web  ser¬ 
vices  initiatives. 

SecureSpan  Solution, 
priced  at  $100,000,  will  be 
available  this  month. 
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IN  2000,  the  CIO  Magazine  Tech  Poll  reported 
a  22%  annual  growth  rate  in  IT  budgets.  The 
same  poll  has  recorded  growth  rates  below  2% 
from  January  2002  to  the  present. 

For  the  past  two  years,  CIOs  have  persis¬ 
tently  predicted  a  resurgence  in  IT  spending.  But  the 
harsh  reality  is  that  chief  financial  officers  now  dic¬ 
tate  IT  spending,  and  they  will  throttle  IT  budgets 
until  there’s  hard  evidence  that  IT  delivers  profits. 


How  CFOs  can  extract 
proof  of  IT  profitability 
is  a  source  of  puzzle¬ 
ment.  During  the  years 
of  easy  IT  money,  the 
established  procedures 
for  capital  budgeting 
couldn’t  cope  with  a 
growing  appetite  for 
computerization.  Now 
that  companies  have 
slammed  on  the  brakes, 

CFOs  are  searching  for 
new  ways  to  harness  IT. 

The  most  elaborate 
scheme  yet  is  the  one  the 
Office  of  Management  and  Budget 
conceived  for  constraining  the  more 
than  $57  billion  in  annual  federal  IT 
spending  (or  $32,000  per  employee). 
OMB  efforts,  conducted  under  the 
federal  enterprise  architecture  and 
e-government  strategies,  are  scripts 
for  imposing  order  and  uniformity 
on  an  IT  landscape  that  comprises 
more  than  100  independent  agencies 
and  includes  more  than  5,000  major 
projects.  The  OMB  plan  reflects  the 
thinking  of  many  CFOs  and  is  there¬ 
fore  worthy  of  attention.  It  would  do 
the  following: 

1.  Impose  a  standard  method  for  classifying 
IT  expenses.  An  elaborate  business-ref¬ 
erence  model  defines  how  to  de¬ 
scribe  the  business  operations  of  the 
federal  government.  The  purpose  is 
to  capture  information  about  any  du¬ 


plication  of  efforts. 

2.  Prescribe  a  self¬ 
appraisal  method  for  charac¬ 
terizing  the  performance  of  IT, 
with  an  emphasis  on  identify¬ 
ing  system  deficiencies.  The 
purpose  is  to  identify 
targets  where  IT  spend¬ 
ing  must  be  examined. 

3.  Require  classification  of 
governmentwide  standard  IT 
components  to  enable  consoli¬ 
dation  of  application  develop¬ 
ment.  The  purpose  is  to 
set  the  stage  for  central¬ 
ized  procurement  of 

software  and  services. 

4.  Direct  IT  organizations  to  conform  with  a 
technical  reference  model  for  reuse  of  tech¬ 
nology.  The  purpose  is  to  establish  fa¬ 
vorable  conditions  for  creating  a 
shared  infrastructure  that  would 
save  money. 

5.  Require  the  submission  of  a  “business 
case”  for  every  project.  It’s  through  the 
scrutiny  of  such  business  cases  that 
the  CFO  intends  to  assert  budgetary 
controls.  OMB  officials  have  already 
declared  that  “771  projects  in  FY04 
budget  (for  $20.9B)  are  ‘at  risk’  and 
will  not  be  allowed  to  proceed.”  So 
how  do  OMB  budget  examiners  sort 
out  which  of  the  more  than  5,000 
projects  are  at  risk? 

The  so-called  business-case  forms 
have  been  conceived  by  auditors 
for  budget  examiners.  For  each  proj- 
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been  fighting  budgetary 
amputations  as  a  way  of 
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ect,  the  CIO  of  the  organization 
must  fill  out  a  form  containing  132 
detailed  questions  about  the  best 
IT  practices  ever  conceived  by  con¬ 
sultants.  The  checklist  covers  topics 
such  as  demonstrated  fit  with  busi¬ 
ness  strategy,  linking  to  manage¬ 
ment  plans,  support  of  a  moderniza¬ 
tion  strategy,  demonstration  of  low- 
risk  acquisition  methods,  proofs 
of  strong  project  management,  clos¬ 
ing  of  performance  gaps,  assurance 
of  security  over  a  project’s  life  cy¬ 
cle,  privacy  protection,  paperwork 
reduction,  management  of  risk- 
adjusted  life  cycle  costs  —  and 
many  others. 

For  good  measure,  the  business- 
case  forms  require  documented  con¬ 
firmation  of  compliance  with  a  long 
list  of  regulatory  and  legislative 
measures. 


To  sort  out  which  projects  are  at 
risk,  the  OMB  follows  a  routine  pro¬ 
cedure.  First,  each  item  for  every 
project  is  rated  on  a  scale  from  1  to  5. 

Second,  all  of  the  scores  are  added 
up,  regardless  of  their  importance, 
though  a  poor  score  in  a  few  select¬ 
ed  areas  (such  as  security)  will  au¬ 
tomatically  disqualify  the  entire 
project.  If  the  scores  fall  below  pre¬ 
defined  levels,  the  project  is  classi¬ 
fied  as  being  at  risk  and  scheduled 
for  further  examination.  Projects 
with  low  scores  won’t  be  funded. 

How  effective  is  the  OMB  method¬ 
ology  in  delivering  the  stated  objec¬ 
tives  of  savings  through  sharing  of 
IT  resources?  One  way  of  judging 
that  is  to  examine  the  OMB  schedule 
of  fiscal  2004  governmentwide  shar¬ 
ing  of  IT.  If  you  remove  unique 
Homeland  Security  Department 
projects,  you  end  up  with  only  0.21% 
of  the  total  federal  IT  budget  as  ben¬ 
efiting  from  synergy  through  shar¬ 
ing.  I  guess  that  leaves  the  OMB  — 
like  many  CFOs  —  with  the  hatchet- 
on-a-pole  method  of  IT  budget  prun¬ 
ing  and  management.  ©  41348 
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OK,  our  marketing  is  not 
as  good  as  our  technology. 


Business  Intelligence  Vendor  Rating 


r 

Marketing  Rating 

Technology  Rating 

MicroStrategy 

★  ★  ★ 

★  ★  ★  ★  ★ 

Cognos 

★  ★  ★  ★ 

★  ★  ★ 

Business  Objects 

v _ 

★  ★  ★  ★  ★ 

★  ★  ★ 

Source:  Leading  Industry  Analyst  (2003) 

Fortunately,  our  2,000  enterprise-class  customers  buy 
our  technology,  not  our  marketing. 


See  what  a  real  business  intelligence  platform  can  do  for  you. 

Order  a  FREE  copy  of  “Applications  of  Industrial-Strength  Business  Intelligence”  today 
Visit  www.microstrategy.com  or  call  1-866-866-MSTR. 


Cultivating 

Agriculture  E-business 

By  combining  three  industry 
databases  into  one,  agribusinesses  are 
realizing  savings  and  more  efficiency 
through  the  supply  chain.  Page  42 


Law  Firms  Open  Up 

Legal  firms  are  using  extranets 
to  appease  clients  who  want 
information  access  and  savings 
on  operating  costs  —  but  with 
discretion.  Page  43 


QUOTE  OF  THE  WEEK 

If  you  stop  trying  to 
gather  requirements 
and  start  negotiating  them, 
your  projects  will  yield 
richer  crops. 

-  Paul  Glen,  columnist  and 
principal,  C2  Consulting,  page  46 
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Whether  you  choose  to  farm  out  all  or  part  of  your 
BUSINESS  INTELLIGENCE,  you  need  to  make  sure 
the  quality  of  your  data  won’t  suffer.  BY  MARK  LEON 


Business  intelligence  —  the  collection 
and  analysis  of  a  company’s  most  valuable 
data  —  seems  an  unlikely  task  to  farm  out 
to  contractors.  But  some  companies  are 
doing  exactly  that.  Why?  Because  they 
lack  the  in-house  skills  needed  to  perform 
statistical  analysis  or  maintain  a  data  warehouse. 
And  if  you  want  to  turn  BI  over  to  the  experts, 
there  are  more  options  than  ever  —  along  with 
the  same  big  worry:  losing  control  of  your  data 
quality. 

At  Canon  Information  Technology  Services  in 
Chesapeake,  Va.,  the  technical  support  subsidiary 
of  Canon  Inc.,  the  decision  to  outsource  data 
mining  and  analytics  was  simply  a  case  of  finding 
people  with  the  right  expertise  at  the  right  cost. 

“I  had  been  doing  [basic]  analyses  on  Excel 
spreadsheets  of  our  customer  feedback  data,” 
says  Mike  Larson,  assistant  director  of  product 
and  process  quality  at  Canon  ITS.  But  he  wanted 
more  power  to  do  full-fledged  data  mining  and 
the  ability  to  give  support  managers  online  access 
to  reports. 

“Our  analytic  expertise,  when  it  comes  to  slic¬ 
ing  and  dicing  information,  is  just  not  that  deep,” 
Larson  says.  So  that  left  him  with  two  options: 
buy  packaged  analytic  software  or  outsource. 

After  looking  at  what  it  would  cost  to  buy  the 
applications  and  infrastructure  and  hire  addition¬ 
al  staff,  Larson  explains,  Canon  ITS  concluded 
that  it  would  cost  at  least  twice  as  much  to  do  the 
work  in-house  as  it  would  to  hire  CustomerSat 
Inc.,  an  application  service  provider  in  Mountain 
View,  Calif.  The  ASP’s  clients  pay  annual  hosting 
fees  of  about  $100,000  on  average,  according  to  a 
CustomerSat  spokesman.  Canon  ITS  signed  a 
one-year  contract  in  April,  and  the  service  went 
live  in  June. 

Each  night,  CustomerSat  uploads  data  from 
Canon  ITS’s  two  CRM  systems,  which  handle 
phone  and  e-mail  support.  A  typical  data  set  in¬ 
cludes  items  such  as  customer  name,  description 
of  problem,  product  purchased  and  type  of  inter¬ 
face  employed. 

“Data  quality  is  a  very  hot  issue  for  us,”  says 
Larson.  “The  data  we  export  to  CustomerSat  is 
just  part  of  a  bigger  initiative”  that  involves  tak¬ 
ing  responsibility  for  data  quality  across  the  mul¬ 
tiple  in-house  customer  databases.  “We  screen 
for  things  such  as  duplicate  names  and  bad  e-mail 
addresses,”  he  says.  And  Larson  does  some  tweak¬ 
ing  on  his  own,  such  as  setting  up  business  rules 
to  ensure  data  quality. 


Continued  on  page  40 


Can  you  see  it? 


Middleware  is  Everywhere 


IBM.  D$2,T»vol 


MIDDLEWARE  makes  the  on  demand  world  on  demand. 
And  middleware  is  powerful  IBM  software  like  Tivolif  DB2®  and 
WebSphere®  Open,  behind-the-glass  technology  that  can 
automate  it  all  -  IBM,  Microsoft^  Oracle.  Problems  are  foreseen 
and  solved  before  they  occur.  IT  resources  are  directed  to 
core  business  needs.  Costs  are  reduced.  It’s  automation. 
On  demand.  And  it  makes  your  customers  happy.  Very  happy, 
(©business  on  demand™  Go  to  ibm.com/software/automate 


1.  Automatic  overview  of  operation 

2.  Automatic  shipping  of  sale. 

3.  Automatic  identity  verification. 

4.  Automatic  updating  of  inventory. 

5.  Automatic  tracking  of  delivery. 
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CustomerSat  generates 
daily,  in-depth  question¬ 
naires  that  go  out  to  a  ran¬ 
dom  sampling  of  Canon 
ITS  customers,  and  Lar¬ 
son  keeps  an  eye  on  the 
process  and  sample  sizes. 

The  responses  are  loaded 
into  the  hosted  database 
and  later  viewed  as  re¬ 
ports  and  graphs  via  a 
standard  browser. 

“A  few  years  ago,  you 
really  couldn’t  do  any  cus¬ 
tomization  on  your  appli¬ 
cation  if  you  chose  to  go 
with  an  ASP,”  says  Guy 
Creese,  an  analyst  at  Ab¬ 
erdeen  Group  Inc.  in  Bos¬ 
ton.  “ASPs  now  give  you 
far  more  options.  It  is  no 
longer  take  it  or  leave  it.” 

Although  Larson  is  hap¬ 
py  with  his  service  pro¬ 
vider,  he  says  Canon  ITS  might  even¬ 
tually  bring  some  of  the  analytics  back 
in-house.  He  says  the  company  is 
“looking  at  some  bigger  projects  in¬ 
volving  more  demographic  analyses” 
and  is  considering  buying  analytic 
software  from  a  vendor  like  Cognos 
Inc.  or  Business  Objects  SA  for  those 
efforts. 

This  hybrid  approach  to  BI  is  be¬ 
coming  a  trend,  says  Creese.  “I  think 
we  will  see  more  of  this:  You  out¬ 
source  where  it  makes  sense  and  keep 
the  rest  in-house.” 


piece  and  keep  the  front- 
end  analytics,  the  stuff 
that  encapsulates  your 
business,  in-house?” 

That’s  what  Synovus 
Financial  Corp.  did.  “We 
wanted  to  mine  our  bank 
customer  and  product 
data  more  deeply,”  says 
Jeff  Kennedy,  director  of 
information  systems  at 
Synovus,  a  $19  billion  fi¬ 
nancial  services  holding 
company  in  Columbus, 
Ga.  But,  he  adds,  “sup¬ 
porting  a  data  ware¬ 
house,  scrubbing  and 
loading  all  that  informa¬ 
tion,  is  not  something  we 
have  ever  done  in  the 
past,  and  we  had  no  rea¬ 
son  to  think  it  was  some¬ 
thing  we  wanted  to  take 
on  in  the  future.” 

In  June  1998,  Synovus  outsourced  an 
operational  data  warehouse  to  Meta- 
vante  Corp.,  a  Milwaukee-based  pro¬ 
vider  of  technology  products  and  ser¬ 
vices  for  the  financial  services  indus¬ 
try.  The  database  supported  standard 
functions  like  balance  reports  and  au¬ 
dit-letter  generation,  says  Kennedy. 

“But  we  knew  we  would  need  a  new 
database  design  to  do  more  advanced 
analyses  on  things  such  as  behavior 
within  a  portfolio  or  loan  origination,” 


he  says.  “And  we  wanted  this  to  sup¬ 
port  all  40  of  our  banks.” 

In  October  2001,  Kennedy  and  his 
team  fleshed  out  the  specs  to  build  a 
new  analytic  data  warehouse.  They 
met  with  some  resistance  from  Meta- 
vante  over  the  need  to  replace  the  data 
warehouse,  Kennedy  says,  but  eventu¬ 
ally  collaborated  on  the  design  and 
testing.  “The  result  was  a  database 
built  in  a  star  schema  structure  —  and 
still  hosted  by  Metavante,”  he  says. 
Synovus,  however,  kept  the  data  min¬ 
ing  applications  in-house  and  is  using 
Business  Objects  software  with  a 
browser  interface  on  the  front  end. 

Trust  and  Partnership 

Synovus  has  moved  five  of  its  40  banks 
onto  the  new  system  and  expects  to 
migrate  the  remainder  by  next  sum¬ 
mer.  Kennedy  says  the  new  data  ware¬ 
house  more  than  pays  for  itself. 

“We  estimate  that  the  analytics  we 
run  save  us  $250,000  over  and  above 
what  we  pay  Metavante  for  the  ser¬ 
vice,”  he  says.  But,  savings  aside,  this 
process  involves  turning  sensitive  data 
over  to  someone  outside  the  company. 
Kennedy  says  it’s  OK  to  do  that,  pro¬ 
vided  you  trust  the  outsourcer. 

“With  our  collaboration  on  the  ana¬ 
lytic  data  warehouse,”  he  says,  “Meta¬ 
vante  proved  to  us  that  we  can  work 
through  disagreements  together.  We 
built  a  partnership.  Their  real  value  is 


Who  Does  It 

Here’s  a  sampling 
of  vendors  that  provide 
outsourced  BI 
services: 

■  SageMetrics  Corp., 
North  Holllywood, 
Calif. 

■  CoreMetrics  Inc., 
Burlingame,  Calif. 

■  Metavante  Corp., 
Milwaukee 

■  CustomerSat  Inc., 
Mountain  View, 

Calif. 

■  Harte-Hankslnc., 
San  Antonio 

■  Electronic  Data 
Systems  Corp., 
Plano,  Texas 

■  Wunderman  LLC, 
New  York 


ETL  Is  Heavy  Lifting 

Canon  ITS,  in  fact,  keeps  the  primary 
customer  data  source  in-house  in  a 
PeopleSoft  Inc.  CRM  system  that  feeds 
the  CustomerSat  database.  Larson  says 
the  next  step  will  be  to  complete  the 
circle  and  allow  CustomerSat  to  re¬ 
populate  the  PeopleSoft  system  with 
data  mined  from  the  hosted  database. 

Even  in  this  distributed  architecture, 
Canon  ITS  keeps  the  central  data 
warehouse  on-site  and  maintains  pri¬ 
mary  control  over  data  quality.  But 
that’s  still  a  lot  of  work.  Most  compa¬ 
nies  that  take  full  responsibility  for 
their  data  warehouses  need  staffs 
trained  in  BI  and  extract,  transform 
and  load  (ETL)  tools,  as  well  as  a  real¬ 
istic  perspective  of  the  effect  that  a 
new  project  will  have  on  employees 
and  the  business. 

However,  Creese  says  that  it  often 
makes  sense  to  outsource  the  entire 
data  warehouse.  “Maintaining  a  data 
warehouse  with  all  the  ETL  functions 
is  heavy  lifting,”  says  Creese.  “But  of¬ 
ten  it  can  be  treated  as  a  standard,  util¬ 
ity  service.  So  why  not  outsource  that 


BUILDING 

TRUST 

A  SPIRIT  OF  PARTNERSHIP  pervades 
an  outsourced  business  intelligence  deal 
at  Volvo  Cars  of  North  America  LLC  in 
Irvine  Calif. 

It  all  started  in  1999,  when  Volvo  turned 
a  marketing  data  warehouse  over  to 
Harte-Hanks  Inc.  in  San  Antonio. 

“This  is  one  of  a  limited  number 
of  partnership  arrangements  we 
have,”  says  Phil  Bienert,  manager 
of  CRM  and  e-business  at  Volvo. 

“By  this  I  mean  we  commit  to  a 
multiyear  contract.” 

He  says  it  also  means  that  there’s  a 
built-in  understanding  that  goes  beyond 
anything  in  writing.  “We  state  publicly 
that  Harte-Hanks  is  our  agent  of  record 
for  customer  analytics,  and  we  expect 
that  Harte-Hanks  will  give  us  additional 


CASE 

STUDY 


support  on-site,”  says  Bienert.  “We  ex¬ 
pect  that  they  will  supply  us  with  a 
steady  stream  of  good  ideas  and  that 
they  won’t  rip  us  off.  You  can’t  put  all  this 
in  a  contract.” 

Analyzing  customer  data  wasn’t  Vol¬ 
vo’s  core  competency,  so  it  made  sense 
to  find  a  partner.  The  automaker  is  very 
good  at  keeping  track  of  its  cars,  but  it 
needed  to  “build  a  customer-centric 
view  of  the  world,”  says  Bienert.  And  the 
company  needed  someone  who  could 
build  and  host  all  the  pieces,  the  data 
warehouse  and  the  applications,  mining 
and  analytics. 

Bienert  and  his  staff  run  simple 
queries  and  reports  on  demo¬ 
graphics  and  sales  using  a  dash¬ 
board  developed  at  Harte-Hanks. 
For  more  sophisticated  analyses,  such 
as  predictive  modeling  to  support  new- 
vehicle  launches,  Volvo  turns  it  all  over 
to  Harte-Hanks. 

But  Harte-Hanks’  project  managers 
keep  the  communication  pipe  open  with 
Bienert  and  his  database  manager.  It’s 


in  updating  the  data  warehouse  on  a 
daily  basis,  and  we  are  confident  that 
our  data  is  in  good  hands.” 

One  of  the  things  all  of  these  deals 
have  in  common  is  flexibility.  For  ex¬ 
ample,  in  its  hybrid  arrangement,  Syn¬ 
ovus  could  have  chosen  to  outsource 
the  entire  BI  front  end. 

“Outsourcing  BI,  or  anything  else,  is 
far  richer  than  it  used  to  be,”  says  Ab¬ 
erdeen’s  Creese.  “It  wasn’t  that  long 
ago  when  your  options  were  to  choose 
between  IBM  or  EDS  to  come  in  and 
run  your  entire  IT  shop  for  $40  mil¬ 
lion.” 

Canon  ITS  chose  to  keep  its  primary 
data  store  in-house,  and  the  company 
still  keeps  close  tabs  on  the  quality  of 
data  being  outsourced.  Synovus  turned 
over  the  maintenance  of  its  data  ware¬ 
house,  but  only  after  the  outsourcer 
went  the  extra  mile  to  prove  itself  wor¬ 
thy  of  the  trust. 

And  neither  company  has  relin¬ 
quished  the  ability  to  monitor  data 
quality.  “If  you  outsource  your  ability 
to  do  this,  you  have  gone  too  far,”  says 
Mark  Sullivan,  managing  director  at 
BearingPoint  Inc.  (formerly  KPMG 
Consulting)  in  McLean,  Va.  “At  the  end 
of  the  day,  it  is  still  all  about  the  data.  If 
the  data  is  flawed,  no  provider  can  give 
you  good  BI  or  satisfy  your  SLA  [ser¬ 
vice-level  agreement].”  ©  41235 


Leon  is  a  freelance  writer  in  San  Francisco. 


critical,  says  Bienert,  to  make  sure  that 
the  Harte-Hanks  team  knows  what  Vol¬ 
vo’s  priorities  are.  “Trends  change  quick¬ 
ly  in  the  auto  business,”  he  says.  “What 
is  hot  today  may  not  be  tomorrow.” 

Bienert  wouldn’t  talk  about  the  value 
of  the  Harte-Hanks  contract,  but  he  says 
Volvo  conducted  an  extensive  study  be¬ 
fore  signing  the  deal.  “We  determined 
that  it  would  be  significantly  cheaper  and 
more  effective  to  go  outside,”  he  says. 

Harte-Hanks’  fees  vary,  ranging  from 
$5,000  to  $100,000  per  assignment, 
according  to  a  company  spokesman.  As¬ 
signments  vary  in  duration  and  scope, 
but  they  typically  involve  things  like  cus¬ 
tomer  segmentation  analysis.  Multiyear 
contracts  with  clients  such  as  Volvo  will 
involve  several  assignments. 

Dan  Rubin,  vice  president  of  analytics 
at  Harte-Hanks,  says  the  Volvo  project  is 
a  popular  one  at  his  company.  “Our  peo¬ 
ple  really  want  to  work  on  this  account, 
in  fact,  we  have  people  here  who  have 
been  on  it  longer  than  anyone  at  Volvo.” 

-Mark  Leon 
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Storage  Networking  World  (SNW),  in  conjunction  with  Computerworld  and  the  Storage 
Networking  Industry  Association  (SNIA)  is  seeking  IT  user-organization  case  study 
submissions  for  consideration  and  recognition. 

This  program  will  evaluate,  select  and  recognize  ten  Storage  Technology  “Best  Practices” 
based  on  case  studies  highlighting  successful  or  noteworthy  solution  implementation 
projects  and  deployments  in  the  following  categories: 

•  Systems  Implementation 

•  Storage  Reliability  and  Data  Recovery 

•  Data  Lifecycle  Management 

•  Industry  Regulation  Compliance  and  Corporate  Governance 

•  Innovation  and  Promise 


Nominations  are  welcomed  from  IT  Users/lmplementers;  Systems  Integrators/Consultants;  IT  vendors  on  behalf  of  customers,  or, 
their  own  In-House  Deployment:  and  PR  firms  on  behalf  of  clients.  Multiple  submissions  of  case  studies  describing  different  deployments 
per  company/organization  will  be  considered. 

Winners  will  be  featured  in  a  Computerworld  special  advertising  supplement  profiling  the  company  and  submitted  case  study. 

Submit  your  nomination  today!  The  deadline  is  Wednesday,  October  15th  at  9:00pm  Eastern  time. 

Complete  the  nomination  form  at:  computerworld.com/bestinstorage 
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AoricuKure 

Cultivating 

E-business 

Agribusiness  is  using  IT  to  track  key 
products  and  make  the  supply  chain 
more  efficient.  By  Matt  Hamblen 


he  agribusiness  industry  has¬ 
n’t  been  an  IT  leader,  but  it’s 
making  up  for  lost  time  with  an 
ambitious  effort  to  harness  the 
efficiencies  of  e-business. 

More  than  60  leading  agricultural 
companies  recently  created  an  inte¬ 
grated  database  of  information  about 
farm-related  manufacturers,  distribu¬ 
tors  and  products.  The  new  database 
will  be  used  for  tracking  agricultural 
products  (including  potentially  lethal 
materials)  through  the  supply  chain 
and  serve  as  a  building  block  for  effi¬ 
cient  e-business  industrywide. 

The  companies  involved,  including 
Monsanto  Co.  in  St.  Louis  and  Dow 
AgroSciences  LLC  in  Indianapolis,  are 
members  of  Washington-based  non¬ 
profit  consortium  Rapid  Inc.,  which 
launched  the  Agriculture  Industry 


Identification  System  (AGIIS)  on  Aug. 
11.  Covansys  Corp.  in  Farmington  Hills, 
Mich.,  created  the  database  and  will 
manage  it  for  the  consortium,  says 
Rapid  CIO  Rod  Conner. 

The  main  benefits  to  members  will 
be  efficiencies  in  generating  orders 
and  sales  reports,  as  well  as  the  ability 
to  track  inventory  and  be  better  stew¬ 
ards  of  products  that  can  have  major 
environmental  impacts,  Conner  says. 

Rapid  had  managed  three  separate 
industry  databases  with  the  help  of 
three  different  contractors  starting  in 
1995,  and  it  combined  them  to  form 
AGIIS.  Over  three  years,  AGIIS  will  cut 
the  cost  of  managing  those  databases 
from  $3.5  million  to  $1.9  million,  esti¬ 
mates  Conner.  The  savings  will  more 
than  pay  for  the  nearly  $1  million  de¬ 
velopment  and  infrastructure  cost  of 


AGIIS,  he  says. 

Reducing  costs  was  a  big  reason  why 
Rapid’s  15-member  industry  board 
pushed  for  the  project,  Conner  says. 
But  the  board  also  wanted  to  help  its 
members  make  better  use  of  the  data 
and  to  develop  a  central  repository 
that  would  be  useful  to  non-U.S. 
businesses. 

“Agriculture  is  not  a  technology 
leader,  typically,  but  now  that  our 
member  companies  are  seeing  the  ben¬ 
efits  of  e-business  and  related  tech¬ 
nologies  in  other  divisions  of  their 
companies,  they  are  now  moving  [IT 
into]  agriculture”  activities,  he  says. 

One  side  benefit  is  that  with  AGIIS, 
private  businesses  should  be  able  to 
help  homeland  security  officials  and 
others  prevent  tainted  food  supplies 
from  ending  up  on  grocery  shelves  and 
track  products  such  as  fertilizers, 
which  can  be  used  to  make  bombs, 
says  Brent  Kemp,  a  senior  analyst  at 
Southern  States  Cooperative  Inc.,  a 
Rapid  member  in  Richmond,  Va. 

“After  the  Oklahoma  City  bombing, 
there  was  a  great  security  concern 
about  ammonium  nitrate,  and  with 
AGIIS  we  can  potentially  get  down  to 
what  lot  of  fertilizer  was  sold,  where  it 
came  from,  when,  who  picked  it  up  and 
who  was  responsible  for  it,”  Kemp  says. 

“Our  dream  is  that  a  consumer  could 
look  at  a  can  of  tomatoes,  scan  it  and 
know  every  step  in  that  can’s  life,  from 
where  the  tomatoes  were  grown,  to 
who  canned  it  and  potentially  how 
much  rain  fell  that  growing  season,” 
he  adds. 

Consolidating  Business 

Mandates  for  such  information  are 
growing,  Kemp  points  out.  Manufac¬ 
turers  are  beginning  to  require  it  from 
growers,  while  buyers  in  Europe  insist 
on  knowing  which  foods  have  been  ge¬ 
netically  altered. 

Some  companies  have  already  re¬ 
ported  that  they’ve  been  able  to  elimi¬ 
nate  paper-based  processes  as  a  result 
of  using  AGIIS,  says  Connor.  St.  Paul, 
Minn.-based  Agriliance  LLC,  the 
largest  agricultural  cooperative  in  the 
U.S.,  told  Rapid  in  August  that  it  had 
processed  16,000  orders  with  the  new 
XML  capability  in  AGIIS,  taking  the 
standard  time  for  a  bulk  order  of  prod¬ 
ucts  down  from  12  minutes  to  less  than 
30  seconds,  Conner  says.  That  has  en¬ 
abled  Agriliance  to  move  some  order 
entry  personnel  to  other  tasks. 

Members  of  Rapid  have  a  “keen  in¬ 
terest”  in  not  giving  away  competitive 
advantages,  Kemp  says,  but  members 
“in  general  are  agreed  that  it’s  in 
everybody’s  interest  to  have  a  common 


AGIIS  combines  the 
following  databases; 

■  The  Electronic  Business  ID  Directory, 

with  data  about  the  locations  of  manu¬ 
facturers,  distributors'  retailers  and 
other  businesses  in  the  supply  chain 

■  The  North  American  Purchaser 
Directory,  which  has  data  about  the 
buyers  of  agricultural  products, 
including  growers  and  farmers 

■  The  Product  Directory,  which 
identifies  products  by  Global  Trade 
Identification  Numbers  and  by 
packaging  and  unit  of  measure 


frame  of  reference  for  tracking  prod¬ 
ucts  and  seeing  who  is  shipping  and 
receiving.  The  data  itself  doesn’t  pro¬ 
vide  a  competitive  advantage,  but  how 
you  use  it  does.” 

Southern  States,  a  farm  supplier 
with  1,200  dealers  and  68,000  cus¬ 
tomers,  hasn’t  yet  seen  direct  benefits 
from  AGIIS,  Kemp  says,  but  it  hopes 
that  further  enhancements,  such  as  the 
adoption  of  Web  services  technology, 
will  help  feed  bar-code  information  di¬ 
rectly  into  warehouse  systems. 

The  next  steps  for  AGIIS  include  ex¬ 
panding  its  use  to  agricultural  compa¬ 
nies  outside  the  U.S.  and  to  companies 
in  related  industries,  Conner  says. 

The  main  value  of  AGIIS  is  that  it 
will  be  a  building  block  for  e-business 
initiatives  in  the  agriculture  industry, 
says  Andrew  White,  an  analyst  at  Gart¬ 
ner  Inc.  White  says  AGIIS  shows  that 
agribusiness  is  moving  forward  with 
e-business  and  supply  chain  technolo¬ 
gy,  placing  the  sector  behind  the  elec¬ 
tronics  industry  but  ahead  of  the 
apparel  industry. 

“The  real  purpose  of  this  kind  of 
project  is  not  for  one  company  to  do 
better  than  any  other  but  for  the  indus¬ 
try  as  a  whole  to  take  a  big  chunk  of 
cost  out  of  it,”  White  says.  The  biggest 
benefit  of  AGIIS  will  be  a  reduction  in 
transaction  costs  by  making  the  data 
understandable  to  all  users,  he  says. 

That’s  the  advantage  of  having  a 
standard  product  directory.  “When  I 
say  ‘a  black  pen,’  the  question  is  always 
whether  it’s  a  pen  that  has  black  ink  or 
one  with  a  black  casing.  Now  any  num¬ 
ber  of  companies  can  have  a  standard 
way  of  answering  that,”  White  says. 

©  41484 
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LAW  FIRMS 

OPEN 


Traditionally 
secretive,  law 
firms  are  using 
extranets  to 
give  clients  access 
to  documents  and 
a  window  into 
their  operations. 

BY  JEAN  CONSILVIO 


The  school  district  pays  29  law  firms  $28  million 
in  outside  counsel  fees  for  cases  involving  discrimi¬ 
nation,  civil  rights,  eminent  domain  and  construc¬ 
tion,  says  Harold  Kwalwasser,  former  general  coun¬ 
sel  for  the  school  district.  It’s  a  complex  operation 
because  of  the  amount  of  people,  documents  and 
correspondence  involved.  The  value  of  extranets,  he 
says,  is  that  the  district  doesn’t  have  to  replicate  the 
archived  files;  they  can  be  copied  onto  CD-ROMs. 

“We  have  one  source  to  go  to  get  literally  thou¬ 
sands  and  thousands  of  documents,”  says  Kwalwass¬ 
er.  “It’s  a  very  efficient  system.” 


Losing  a  client  is  one  of  the  costliest  mis¬ 
takes  a  law  firm  can  make.  So  a  growing  num¬ 
ber  of  them  are  using  extranets  as  a  collabora¬ 
tive  tool  to  offer  their  best  clients  the  best  ser¬ 
vice  and  keep  them  in  the  fold. 

This  is  a  big  change  in  the  world  of  law  firms, 
which  have  tended  to  be  low-tech  and  secretive.  But 
now  legal  staffs  and  clients  that  are  dispersed  across 
the  U.S.  and  overseas  can  work  together  by  accessing 
documents  on  extranet-based  knowledge  manage¬ 
ment  systems.  Such  extranets  give  clients  a  window 
into  billing,  transactions,  calendaring,  depositions 
and  pleadings,  for  example. 

Sutherland  Asbill  &  Brennan  LLP,  an  Atlanta-based 
firm  with  350  lawyers,  has  built  about  60  extranets, 
or  data  rooms,  for  10  major  corporations.  “We  just  get 
so  much  enhanced  value  from  the  relationship  with 
our  clients”  that  Sutherland  doesn’t  charge  them  for 
setting  up  and  maintaining  the  extranet,  says  Kim 
Perret,  director  of  marketing  and  communications. 
The  firm  saves  money,  too,  because  it  doesn’t  have  to 
rent  space  to  store  boxes  of  documents  or  bear  the 
expense  of  sending  people  to  oversee  a  document 
review  or  due  diligence.  There  are  also  savings  in 
travel  costs,  travel  time  and  meals. 

Now,  a  client  traveling  in  a  remote  country  needs 
only  his  laptop  to  view  a  document.  “When  he  sends 
an  e-mail  that  says,  ‘Love  that  extranet!’  it’s  price¬ 
less,”  Perret  says. 

Big  clients  today  want  to  be  more  involved  in  their 
cases  than  ever  before.  At  the  same  time,  cases  are 
becoming  more  complex  and  require  teams  of 
lawyers  from  multiple  disciplines,  from  intellectual 
property  to  litigation. 


“Firms  that  are  more  team-oriented  are  doing  very 
well,  and  that  plays  to  what  clients  are  looking  for,” 
says  Michael  Rynowecer,  president  of  BTI  Consult¬ 
ing  Group  Inc.  in  Boston. 

Extranets  are  especially  helpful  when  people  from 
the  business  side,  such  as  the  employee-benefits  team 
or  the  chief  financial  officer,  are  involved  in  a  merger 
or  an  acquisition.  With  extranets,  there’s  no  need  to 
search  through  boxes  of  documents;  information  can 
be  found  using  Boolean,  keyword  or  text  searches. 

San  Francisco-based  Pillsbury  Winthrop  LLC  set 
up  an  extranet  for  the  Los  Angeles  Unified  School 
District  to  share  documents  and  manage  specific 
cases.  The  extranet  runs  on  FirmConnect  from  Hub¬ 
bard  One  in  Chicago  and  is  tied  into  Pillsbury’s 
billing,  CRM  and  docketing  systems,  as  well  as  its 
document  management  system. 


Who  Owns  It? 

The  only  problem  with  this  “virtual  world,”  Kwal¬ 
wasser  says,  is  the  question  of  who  keeps  the  hard¬ 
ware  and  software  that  stores  the  archives  and  runs 
the  extranets.  Law  firms  own  the  systems,  “but  these 
are  documents  I’ve  already  paid  for,”  he  says.  “So  if  I 
say,  ‘Give  me  a  copy,’  I’ll  get  a  copy.” 

But  what  happens  when  the  client  wants  to  take 
charge  and  run  the  extranet?  Kwalwasser,  whose  con¬ 
tract  with  the  school  district  ended  in  June,  says  he 
had  been  looking  into  building  a  reverse  extranet 
next  year  for  the  district’s  outside  counsel  to  access. 
“We  have  collected  this  electronic  [documents]  file,” 
he  says,  “and  we  wanted  to  cut  our  costs  by  not  hav¬ 
ing  people  do  research  that  we  just  paid  some  other 
firm  to  do.” 

Another  way  to  approach  the  issue  is  to  have  the 
extranet  and  document  repository  hosted  at  a  neu¬ 
tral  site.  “If  we’re  working  with  a  client  on  a  case  that 
has  multiple  parties,  we  outsource  the  extranets  to  a 
hosted  facility,”  says  Terry  Crum,  chief  knowledge 
officer  at  Jones,  Day,  Reavis  &  Pogue,  a  Cleveland- 
based  law  firm  that  has  more  than  1,600  attorneys 
worldwide.  For  the  time  being,  “we’ve  decided  to 
host  those  rather  than  put  them  on  our  internal  net¬ 
work  and  invite  people  inside,”  he  says.  “It’s  simply  a 
security  issue.” 

Despite  the  benefits,  legal  extranets  aren’t  wide¬ 
spread  or  automatically  successful.  According  to  a 
recent  report  from  BTI  Consulting,  only  14%  of  215 
large  corporations  surveyed  are  using  extranets  pro¬ 
vided  by  outside  counsel.  Those  clients  see  extranets 
as  a  way  to  improve  their  own  performance  and  for 
law  firms  to  share  the  information  they  hold.  But  the 
report  says  that  if  the  systems  aren’t  robust  or  fail  to 
meet  clients’  needs,  clients  won’t  see  them  as  a  col¬ 
laborative  win.  ©  41214 


EXTRANET 

OVERLOAD? 

OF  COURSE,  IT’S  POSSIBLE  to  have 
too  much  of  a  good  thing.  With  so 
many  legal  extranets  proliferating, 
just  logging  onto  numerous  portals 
for  different  cases  can  be  a  daunting 
challenge  every  morning. 

The  use  of  extranets  as  a  tool  to 
collaborate  with  clients  is  flourishing 
at  some  law  firms,  says  Terry  Crum, 
chief  knowledge  officer  at  Jones 
Day.  “But  in  other  law  firms,  we’re 


seeing  a  kicking  back  from  that,  and 
[firms]  saying,  ‘Wait  a  minute  -  if 
I've  got  15  matters  going  on  . . .  that 
means  every  day  I’ve  got  to  go  to  15 
places  to  look  at  information.'  ” 

Crum  says  that  when  he  was  at 
Chicago-based  Baker  &  McKenzie, 
“we  went  from  zero  to  500  extra- 
nets  overnight,”  which  created  the 
problem  of  managing  the  growth. 

So  Crum  says  some  firms  are  shy¬ 
ing  away  from  extranet  mania  and 
recognizing  that  they  can  respond  to 
clients  and  work  efficiently  by  using 
e-mail  folders  and  keeping  docu- 


■  ■■  ; 

..  T  , 

ments  handy.  However,  that  only 
exacerbates  the  legal  community's  SI 
existing  storage  problem  with  docu¬ 
ment-heavy  e-mail  systems,  and  it 
doesn't  help  clients  manage  their 
own  data  or  see  what  the  law  firm 
is  up  to. 

Ideally,  there  would  be  some  stan¬ 
dard  way  to  view  numerous  extra- 
nets  at  once,  but  the  technology 
doesn’t  exist  yet.  “The  administra¬ 
tive  capability  of  dealing  with  multi¬ 
ple  extranets  needs  to  be  improved,” 

Crum  says. 

-JeanConsilvio 
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NSTAR,  the  largest  investor-owned 
utility  in  Massachusetts,  hopes  two  IT 
projects  will  help  it  achieve  a  very 
aggressive  goal:  to  boost  its  customer- 
service  rankings  into  the  top  25%  of 
Eastern  U.S.  power  providers  over  the 
next  five  years,  says  CIO  Eugene 
Zimon. 

That’s  pretty  heady  stuff,  consider¬ 
ing  that  Boston-based  NStar  was 
ranked  last  among  15  Eastern  utilities 
in  residential  customer  satisfaction 
this  year,  according  to  the  J.D.  Power 
and  Associates  2003  Electric  Utility  Residential  Cus¬ 
tomer  Satisfaction  Index  Study.  The  study  rates  pow¬ 
er  quality  and  reliability,  company  image,  price  and 
value,  billing  and  payment,  and  customer  service. 

NStar  has  made  improvements  in  some  of  these 
areas.  Last  year,  customer  outage  hours  were  slashed 
by  35%,  and  the  length  of  outages  was  reduced  by 
27%,  according  to  the  company’s  2002  annual  report. 
And  by  year’s  end,  NStar’s  200-plus  call  center  repre¬ 
sentatives  were  answering  nearly  90%  of  all  cus¬ 
tomer  calls  in  30  seconds  or  less  —  a  25%  improve¬ 
ment  over  2001. 

The  utility  company  implemented  a  fuel-cost  ad¬ 
justment  on  Sept.  1  that  should  lower  the  average 
electric  bill  for  Boston-area  residential  customers  by 
about  $4.50  per  month.  In  addition,  NStar  was  the 
only  utility  in  Massachusetts  to  achieve  the  service- 
quality  goals  set  by  the  Massachusetts  Department  of 
Telecommunications  and  Energy,  thereby  avoiding 


any  financial  penalties. 

NStar  customers  have  noticed  the 
positive  changes.  While  NStar  hasn’t 
yet  improved  in  its  relative  ranking,  it 
did  increase  its  score  in  the  2003  study 
by  J.D.  Power  by  five  points  (on  a  scale 
of  60  to  130)  compared  with  the  2002 
survey. 

Now  the  company  is  pushing  hard 
on  two  IT  projects  aimed  at  further 
enhancing  customer  service:  the  in¬ 
stallation  of  a  new  CRM  system  (see 
sidebar)  and  an  upgrade  of  its  outage 
management  system. 

The  latter  effort  involves  an  upgrade  of  software 
from  M3i  Systems  Inc.  in  Longueuil,  Quebec.  NStar 
executives  expect  the  system  to  help  the  company 
improve  its  analysis  of  and  response  to  outages. 

NStar  began  rolling  out  the  upgraded  M3i  system 
in  April.  In  June,  the  company  extended  it  with  im¬ 
proved  messaging  capabilities  at  call  centers  to  give 
customers  more  detailed  information  about  the  ex¬ 
pected  length  of  outages.  Now  NStar  is  focusing  on 
the  third  phase  of  the  upgrade,  which  adds  a  graphi¬ 
cal  front  end  that  plots  customer  outage  calls  on  a 
graphical  representation  of  the  company’s  electricity 
distribution  network.  It  will  also  identify  the  utility 
equipment  that’s  the  most  likely  cause  of  an  outage. 

Using  algorithms  that  are  built  into  the  software, 
NStar  engineers  will  be  able  to  analyze  more  quickly 
the  causes  of  and  relationships  between  power  out¬ 
ages,  as  well  as  calculate  how  long  a  particular  out¬ 
age  is  expected  to  last  and  identify  which  customers 
are  affected.  Previously,  dispatchers  had  to  review 
a  list  of  outages  on  a  tabular  or  spreadsheet-type 
screen. 

The  previous  version  of  the  M3i  system  relied  on 
rules-based  systems  to  help  engineers  analyze  the 
potential  causes  of  outages  and  determine  how 
quickly  they  could  be  repaired.  “But  that  model 
breaks  down  in  a  high-volume  situation  —  like  dur¬ 
ing  a  major  snowstorm  —  since  work  on  switches 
and  transmitters  constantly  changes,”  Zimon  says. 

Once  NStar  finishes  testing  the  electronic  plotting 
capabilities  this  fall  and  puts  the  system  into  produc¬ 
tion  early  next  year,  engineers  will  be  able  to  draw  a 
polygon  around,  say,  10  outages  “and  evaluate  how 
they  might  be  related  to  each  other,”  says  Peter  Dion, 
manager  of  systems  support  at  NStar. 


CASE  STUDY 

NSTAR 

CHARTER:  Massachusetts’ 
largest  investor-owned 
electric  and  gas  utility,  serv¬ 
ing  1.3  million  residential 
and  business  customers. 

2002  REVENUE:  $2,728 


2002  EARNINGS:  S179.4M 


This  electric  utility  hopes  IT  will  improve  its 
response  to  blackouts  and  boost  customer  service 
from  rock-bottom  levels.  By  Thomas  Hoffman 


tnergizmg 
Call  Centers 

NStar  is  in  the  final  stages  of  installing  an  Oracle  CRM  sys¬ 
tem  to  improve  customer  service,  regardless  of  what  chan¬ 
nel  a  customer  uses  to  contact  the  power  company.  The 
browser-based  system  uses  computer/telephony  integration 
(CTI)  technology  to  allow  NStar’s  200-plus  call  center  repre¬ 
sentatives  to  respond  to  customers  who  call  in,  use  e-mail, 
fax  or  visit  the  company’s  Web  site. 

The  Oracle  software,  which  will  serve  as  a  front  end  to 
multiple  back-end  systems,  is  being  phased  in  through  year's 
end  and  will  run  on  two  Unix-based  Sun  Fire  servers  from 
Sun  Microsystems  Inc.  It  will  provide  NStar  with  capabilities 
not  currently  offered  through  its  mainframe-based  customer 
information  system  (CIS),  including  the  ability  to  view  cus¬ 
tomers  on  a  total  account  basis  rather  than  by  meter  or  ad¬ 
dress,  says  CIO  Eugene  Zimon. 

The  CRM  system  was  customized  by  Cap  Gemini  Ernst  & 
Young.  The  Oracle  software  is  being  installed  by  Bangalore, 
India-based  Wipro  Ltd.,  which  is  doing  the  customization 
work  in  India  and  the  implementation  in  Westwood,  Mass. 

The  CTI  technology  is  expected  to  help  NStar  reduce  the 
average  time  it  takes  to  handle  a  call  by  15  to  30  seconds  per 
call,  says  Penni  Conner,  vice  president  of  customer  care  at 
the  company.  In  addition,  training  cal!  center  agents  to  use 
the  new  system  is  expected  to  take  just  18  hours,  compared 
with  three  or  four  weeks  on  the  CIS  system. 

-  Thomas  Hoffman 


Also  next  year,  customers  will  be  able  to  use  an 
interactive  voice-response  system  to  find  out  the 
cause,  status  and  estimated  time  of  restoration  for 
an  outage,  Zimon  says. 

Zimon  and  Dion  declined  to  say  how  much  money 
NStar  has  invested  in  the  outage  management  system 
upgrade.  But  it’s  expected  to  deliver  several  key  ben¬ 
efits,  such  as  allowing  for  a  better  assessment  of  the 
cause  of  an  outage,  which  in  turn  enables  faster  and 
more  accurate  dispatching  of  repair  crews.  Plus,  the 
system  is  expected  to  free  up  the  dozen  or  so  dis¬ 
patchers  who  work  during  a  typical  day  shift  so  they 
can  spend  more  time  analyzing  the  causes  of  outages 
and  determine  how  best  to  correct  them. 

During  storm  conditions,  when  multiple  outages 
occur  more  frequently,  Dion  said  he  expects  that  the 
new  system  may  help  NStar  respond  to  power  inter¬ 
ruptions  up  to  20%  faster. 

There  are  several  techniques  that  electric  compa¬ 
nies  use  to  pinpoint  the  sources  of  failures.  Some 
companies  have  integrated  geographic  information 
systems  with  customer  reports  of  outages  and  linked 
that  information  with  their  network  diagrams,  says 
Jill  Feblowitz,  an  analyst  at  AMR  Research  Inc. 

Rick  Nicholson,  an  energy  industry  analyst  at  Meta 
Group  Inc.,  says  NStar  “is  doing  some  very  smart 
things  to  address  the  outage  issue,  but  they  are  proba¬ 
bly  not  unique”  in  plotting  outage  calls  electronically. 

Nevertheless,  NStar  executives  are  excited  about 
the  potential  effect  the  system  will  have  on  improv¬ 
ing  customer  service. 

“We’re  setting  a  standard  here,”  says  Zimon.  “This 
is  designed  to  work  in  both  a  high-volume  [outage] 
and  sunny-day  situation.”  ©  41478 
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New  CIO  at  the  Trading  Desk 
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Barclays  Capital  PLC,  the 
6-year-old  investment  banking 
division  of  London-based  Bar¬ 
clays  Bank  PLC,  competes  with 
some  very  large  and  experi¬ 
enced  old-time  financiers  for  a 
chunk  of  the  trillions  of  dollars 
in  the  worldwide  market  for 
fixed-income  investments,  such 
as  government  bonds.  NANCY 
GLOOR  joined  Barclays  Capital 
as  CIO  for  the  Americas  last 
month  to  lead  the  development 
of  electronic  trading  systems  for 
that  effort.  She  comes  with  17 
years’  experience  at  Goldman 
Sachs  Group  Inc.,  where  she 
most  recently  was  managing 
director  for  fixed-income,  com¬ 
modities,  currency  and  finance 
technology  for  all  of  Europe. 

Gloor  recently  talked  with 


Computerworld’ s  Jean  Consil- 
vio  about  the  investment  bank¬ 
ing  business  and  her  new  role 
at  Barclays. 

Why  did  you  join  Barclays? 

We’re  a  relatively  new  organization 
and  have  very  aggressive  goals  to 
be  [at  the]  top  of  all  of  the  markets 
we’re  in.  For  example,  in  our  elec¬ 
tronic  trading  market,  we  just  started 
with  TradeWeb  [a  multidealer  plat¬ 
form]  in  March,  and  we’re 
already  leading  the  [industry 
rankings]. 

What  do  you  hope  to 
accomplish  in  the  com¬ 
ing  year?  I  follow  the  goals 
of  the  organization,  which 
are  to  further  globalize  the 
firm.  We  need  to  move  the 


robust  technology  platforms  that 
we’ve  been  rolling  out  in  Europe  and 
the  U.S.  into  the  next  phase  in  the 
U.S.,  add  more  products  and  turn  our 
attention  to  Asia.  The  other  thing 
we're  focusing  on  is  flawless  execu¬ 
tion,  which  is  very  important.  We’re  a 
relatively  small  organization,  so  for 
us  to  be  competitive,  we  have  to  do 
what  we  do  very  well. 

What  changes  do  you  see  for  the 
platforms?  In  the  U.S. 
last  year,  Barclays  Capital 
opened  its  new  North  Amer¬ 
ican  headquarters  in  mid¬ 
town  Manhattan.  The  new 
trading  floor  standardized 
the  infrastructure  technol¬ 
ogy.  We  are  now  following 
that  with  standardized  soft¬ 
ware  in  all  regions,  which 


will  make  it  much  easier  for  us  to  de¬ 
ploy  new  applications  and  put  new 
product  lines  on  those  applications. 

What  challenges  have  you  come 
up  against  working  in  fixed- 
income  management?  One  of  the 

challenges  is  that  in  the  very  com¬ 
moditized,  cash-type  product,  like  in 
the  government  [bonds]  area,  mar¬ 
gins  have  shrunk  over  the  last  few 
years.  To  be  profitable,  you  have  to 
really  be  smart  about  how  much  it 
costs  to  trade,  how  quickly  we  can 
price  things,  how  much  it  costs  to 
process  everything  through  the  back 
office.  Those  are  things  we  need  to 
be  able  to  automate  wisely  because 
the  cost  of  doing  business  has  to 
come  down  for  them  to  be  profitable. 

What  advice  would  you  give 
anyone  in  IT  who  wants  to  spe¬ 
cialize  in  an  industry,  as  you 
have  during  your  career?  Tech¬ 
nology  plays  such  a  key  and  integral 


part  in  our  business  that  you  have  to 
have  a  lot  of  context.  You  have  to 
have  deep  knowledge  of  the  busi¬ 
ness,  and  that’s  where  you  bring  the 
value.  It’s  not  just  your  technical  skill 
that’s  important,  but  it's  your  knowl¬ 
edge  about  a  particular  trading  desk, 
product  line  or  process,  like  risk  or 
pricing.  We  have  [IT]  people  sitting 
on  the  desks  with  the  traders  and  the 
salespeople  who  understand  inti¬ 
mately  what  they  do  every  day,  and 
they’re  the  ones  developing  the  soft¬ 
ware  for  them. 

So  business  and  technology 
work  as  one?  When  I  was  inter¬ 
viewing  here,  somebody  said,  “I 
don’t  really  see  the  difference  be¬ 
tween  technology  and  business.”  I 
don’t  either.  They're  one  in  the  same. 

I  don’t  know  how  you  trade  bonds 
without  technology.  You  couldn’t.  It’s 
not  possible.  The  challenge  for  tech¬ 
nologists  is  to  be  equally  competent 
on  both  sides.  ©  41726 


IF  WE  CAN’T  AFFORD  THE  SOLUTION. 

THEBI  IT’S  WOT  A  SOLUTION. 

If  you  are  a  growing  enterprise,  your  need  for  new  software  always  exceeds  your  budget.  Or  does  it?  SAP  has  a  range  of 
solutions  to  fit  any  size  business  and  any  budget.  Solutions  that  can  be  up  and  running  quickly  —  even  in  a  matter  of  weeks. 

And  since  they’re  modular  and  based  on  an  open  platform,  they  can  grow  and  expand  as  you  do.  SAP  has 
experience  helping  businesses  of  all  sizes  solve  business  issues.  Affordably. 

THE  BEST-RUN  BUSINESSES  RUN  SAP 
for  am  opportunity  to  mm  m  all-expense-paid  trip  to  a  business  management 

SEMINAR,  LOG  ON  TO  SAP.COM/USA/AFFORDABLE  OR  CALL  888  592  1727 

©2003  SAP  AG,  SAP  and  the  SAP  logo  are  trademarks  and  registered  trademarks  of  SAP  AG  in  Germany  and  several  other  countries,  Project  timeline  subject  to  specific  project  scope  and  other  factors.  Contact  the  above  website  for  further 
details.  Covered  expenses  limited  solely  to  seminar  registration  fee,  airfare,  and  accommodations  as  specified  by  SAP.  Offering  subject  to  additional  terms  and  conditions,  and  subject  to  change  or  end  without  notice. 
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Banks’  IT  Spending 
To  Hit  $60B  in  ’07 

IT  spending  in  the  banking  indus¬ 
try  will  reach  $60  billion  in  2007 
as  banks  continue  their  efforts  to 
cut  costs  and  increase  revenue, 
according  to  an  IDC  survey  of  27 
U.S.  banks. 

Respondents  said  they  will 
devote  most  of  their  IT  spending 
to  delivery  channels  and  back- 
office  technology,  while  their 
investments  in  systems  that 
support  retail  and  wholesale 
product  lines  will  increase  at 
a  slower  pace  during  the  next 
four  years.  Framingham,  Mass.- 
based  IDC  said  respondents’ 
priorities  included  meeting  regu¬ 
latory  requirements,  CRM,  risk 
management  and  attracting  new 
customers. 


Nordson  Names 
Peet  New  CIO 

Nordson  Corp.  last  week  appoint¬ 
ed  Shelly  M.  Peet  as  CIO  at  the 
Westlake,  Ohio-based  company. 
She  joins  Nordson  following  a  13- 
year  career  at  TRW  Inc.  in  Cleve¬ 
land,  where  she  most  recently 
was  director  of  information  ser¬ 
vices.  Peet  holds  degrees  in  sys¬ 
tems  engineering  from  Case 
Western  Reserve  University  and 
a  degree  in  physics  from  Witten¬ 
berg  University.  Nordson  makes 
precision  dispensing  equipment 
and  has  3,500  employees  in  30 
countries. 


Entergy,  Keane 
Sign  S12.3M  Deal 

Keane  Inc.,  an  IT  consulting  firm 
in  Boston,  has  signed  a  $12.3  mil¬ 
lion,  five-year  outsourcing  con¬ 
tract  with  Entergy  Solutions  Ltd., 
a  subsidiary  of  Entergy  Corp.,  an 
$8  billion  New  Orleans-based  en¬ 
ergy  services  company.  Keane 
will  support  Entergy  Solutions’ 
application  development  and 
management  using  on-site  and 
offshore  IT  teams.  The  core  appli¬ 
cations  handle  retail  business 
functions,  including  forecasting, 
pricing  and  deal  management, 
risk  scheduling  and  settlements. 
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Over  the  years,  I’ve  come  to  the  conclu¬ 
sion  that  one  of  the  most  destructive  no¬ 
tions  circulating  inside  technical  groups 
involves  “gathering  requirements.” 

For  decades,  virtually  everyone  in  the 
industry  has  accepted  that  the  first  phase  of  every  IT 
project  should  be  to  gather  requirements  from  busi¬ 
ness  users.  At  least  in  theory,  it  should  be  the  point  of 


departure  for  all  our  ef¬ 
forts.  (Of  course,  it’s  also 
the  phase  of  the  project 
that’s  most  often  skipped.) 

So  now  that  our  success 
rate  for  IT  projects  has 
risen  to  the  still-dismal 
level  of  about  25%,  perhaps 
we  should  question  some  of 
this  time-honored  wisdom. 

As  I  travel  the  country 
for  consulting  and  speak¬ 
ing  engagements,  I  often 
ask,  “What  are  the  main 
causes  of  project  failure?” 

And  invariably  one  of  the 
first  answers  is  something 
like,  “There’s  a  failure  to 
gather  good  requirements.” 

And  when  I  ask  why  projects  get  bad 
requirements,  the  answers  are,  “Users 
won’t  tell  us  what  they  want,”  or  “We 
don’t  ask  good  questions,”  or  “What 
they  told  us  they  wanted  turned  out 
not  to  be  what  they  really  wanted.”  But 
I  think  that  the  problem  is  more  subtle 
than  any  of  those  answers. 

The  problem  with  gathering  re¬ 
quirements  is  right  there  in  the  word 
gathering.  What  images  does  it  con¬ 
jure?  For  me,  it’s  an  image  of  a  harvest, 
of  a  group  of  people  standing  among 
endless  rows  of  vines  picking  ripened 
grapes  and  carefully  placing  the 
bunches  in  a  bin.  For  others,  it  might 
be  an  image  of  a  child  collecting  sea- 
shells  on  the  beach  or  of  a  group  of 


people  huddled  together 
at  a  town  meeting.  What’s 
common  in  all  these  im¬ 
ages  of  gathering  is  that 
there’s  something  out 
there  to  be  collected,  like 
crops,  shells  or  people,  and 
that  those  things  are  al¬ 
ready  whole  and  complete. 

So  if  we’re  gathering 
requirements,  we  assume 
that  they  must  be  out 
there,  ready  to  be  assem¬ 
bled  like  a  roll  of  coins. 
Our  problem  is  finding 
and  selecting  the  right 
ones.  So  if  the  users  don’t 
tell  us  what  they  really 
want,  we  should  grab  them  by  the 
ankles,  hold  them  upside  down  and 
shake  them  until  those  pesky  require¬ 
ments  fall  out  on  the  floor.  The  only 
logical  conclusion  is  that  if  we  don’t 
get  good  requirements,  we  haven’t 
shaken  enough. 

Of  course,  this  is  ridiculous.  Re¬ 
quirements  don’t  exist  out  in  the  ether 
just  waiting  to  be  discovered.  They 
aren’t  out  there  whole  and  finished. 
Clients  and  users  aren’t  playing  an 
expensive  game  of  hide-and-seek  with 
us.  Usually,  the  clients’  pockets  are 
empty.  Most  of  the  time,  they  don’t 
exactly  know  what  they  require.  And 
even  if  they  do,  it’s  in  the  form  of  in¬ 
complete  and  inconsistent  ideas  that 
can  be  only  partially  articulated.  Proj¬ 
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ects  rarely  start  out  with  clear  objec¬ 
tives  or  requirements;  they  begin  in 
confusion  and  ambiguity. 

The  other  problem  with  gathering 
requirements  is  that  it  suggests  sub¬ 
servience  or  disinterested  passivity  on 
the  part  of  the  IT  group.  It  gives  the 
impression  that  the  job  of  a  technical 
team  is  to  take  orders  like  a  waiter 
who  couldn’t  care  less  what  you  eat 
and  then  deliver  the  cooked  meal. 
Technical  teams  with  this  attitude 
rarely  deliver  high-quality  service. 

So  what’s  the  alternative?  Obviously, 
projects  need  solid  requirements  on 
which  to  build  technology. 

We  should  think  of  a  set  of  require¬ 
ments  as  being  like  a  multilateral 
treaty  among  a  group  of  nations. 
Representatives  of  nations  negotiate 
treaties  by  seeking  out  points  of 
agreement,  acknowledging  con¬ 
straints,  compromising  and  trading 
off.  The  forging  of  a  treaty  is  an  active 
and  difficult  process  of  creation.  No 
one  would  suggest  that  you  “gather 
paragraphs”  to  write  a  treaty. 

So  we  must  negotiate  requirements 
among  the  many  stakeholders  whose 
positions  and  interests  need  to  be  ac¬ 
knowledged.  There  are  the  business 
interests  of  executives  who  fund  proj¬ 
ects,  of  course.  There  are  the  utility 
needs  of  the  users  who  will  work  with 
the  systems  every  day.  There  are  also 
the  technical  needs  of  those  who 
build,  deploy  and  support  those  sys¬ 
tems.  The  list  can  go  on  and  on. 

Successful  projects  begin  not  with  a 
harvest,  but  with  a  difficult  set  of  dis¬ 
cussions  on  what  should  be  done.  If 
you  stop  trying  to  gather  requirements 
and  start  negotiating  them,  your  proj¬ 
ects  will  yield  richer  crops.  ©  41565 
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There  was  a  time  when  data  warehousing  and  data  centers 
were  primarily  a  hardware  issue  or  deep  research 
embedded  within  data  management.  Not  so  with  the  Next 
Generation  Data  Center,  where  data  mining  and  statistics  come 
out  of  the  research  cave  into  full  blown  operational  imperatives. 
You've  seen  the  results  -  a  list  of  books  that  you  just  might  find 
interesting,  based  on  your  past  orders. 

With  more  than  one  million  people  working  in  the  data 
management  field,  the  new  role  for  data  mining  and  business 
intelligence  indicates  a  major  shift  of  web  development,  software, 
data  mining  (statistics)  and  text  mining  into  the  job  category.  This 
segment  of  the  information  technology  industry  is  moving  up  in 
the  food  chain;  the  analytics  category  is  considered  one  of  the  top 
value  plays  with  over  half  of  all  implementations  achieving  full 
payback  within  two  years  or  less.  And,  expenditures  are  expected 
to  grow  by  better  than  33%  over  the  next  four  years. 

Among  the  kingpins  of  mining  and  putting  to  work  data  to 
achieve  bottom  line  results  is  Amazon.com.  Ken  Collins,  director  of 
data  warehouse  for  Amazon.com,  says  the  most  critical  issues  are 
data  quality,  scaling  and  “deployment  of  mining  insight 
throughout  our  infrastructure.  I  would  expect  that  companies  that 
can  make  deployment  of  sophisticated  mining  models  and 
algorithms  across  a  n-tier  open  systems  stack  would  do  very  well." 

Wayne  Thompson,  product  manager  for  data  mining 
technology  at  SAS  Institute  in  Cary,  N.C.,  says  that  in  the  past  24 
months,  data  management  has  shifted  from  a  tool  kit  product  to  a 
solution  of  best  practices  resulting  in  new  business  capabilities 
"such  as  credit  scoring,  bioinformatics,  marketing  automation  and 
money  or  fraud  identification.  It's  now  a  solution  within  a  larger 
enterprise,"  says  Thompson,  "which  allows  more  focus  and  a  more 
consumable  product."  SAS,  long  known  for  its  analytical  focus, 
holds  a  38%  share  of  the  data  mining  market. 


In  the  past,  data  mining  resulted  in  quantitative  points  -  age, 
gender,  zip  code,  how  many  cars  you  own.  The  changes  Thompson 
sees  are  quantifiable  and  predict  future  behavior.  Another 
advancement  is  the  use  of  statistics  with  text.  "Whether  in 
business  or  research,  much  of  the  information  we  receive  is  in  the 
form  of  text.  At  SAS  we've  come  up  with  a  way  to  combine  textual 
with  typical  numeric  data  to  come  up  with  better  predictive 
models,"  Thompson  says. 

The  industry  is  also  seeing  data  management  move  from 
research  into  a  collaborative  work  environment.  Working  with 
business  leaders  and  the  IT  professionals  who  deploy  data  systems 
within  larger  enterprise  or  customer  relationship  management 
systems,  data  management  professionals  are  developing  models 
based  on  business  trends. 

As  these  shifts  occur,  the  shift  in  skills  required  is  equally 
broad.  The  collaborative  environment  requires  written  and  verbal 
communication  abilities,  as  well  as  business  understanding.  The 
requirement  for  solid  statistical  skills  (as  evidenced  by  master's  or 
doctorate  degrees  in  mathematics,  statistics,  computer  science  or 
even  data  mining)  remains.  Standard  languages  -  PMML 
(predictive  modeling  markup  language),  which  is  an  XML 
representation  -  is  the  base,  but  experience  in  C,  C++  and  JAVA 
also  are  important.  "We  also  need  people  who  can  sit  with  a 
business  manager,  understand  the  business  processes  and  develop 
models,"  Thompson  says. 

As  with  other  IT  job  categories,  the  opportunities  exist  in  IT 
companies  such  as  SAS.  They  also  are  increasingly  available  in  non- 
IT  firms  who  are  customizing  and  fully  exploiting  the  data  mining 
tools  to  analyze  and  predict.  Thompson  also  recommends  direct 
exposure  to  data  management/mining  tool  kits,  such  as  SAS 
Enterprise  Miner  or  Text  Miner,  and  attending  conferences  such  as 
M2003,  to  be  held  Oct.  13-14  in  Las  Vegas.  "It's  an  excellent  forum 


Data  Center 

that  focuses  less  on  statistical  skills  than  on  how  tools  are  being 
used  to  affect  business,"  he  says. 

Amazon. corn's  Collins  adds,  "If  ever  there  was  an  opportunity 
for  IT  to  be  proactive  for  business,  this  is  it.  Professionals  must 
understand  data  mining  and  statistics,  their  customer  or  company's 
business  and  help  map  the  two  together.  It  is  also  essential  that  we 
be  relentless  in  the  pursuit  of  data  quality  and  metadata  for  the 
high  business  value  information  we  steward.  And  of  course, 
nothing  replaces  solid  data  warehouse  modeling,  design  and 
optimization  skills." 


Next  Generation  Data  Center 

Mines  text  as  well  as  data  points 
Combines  business  modeling  with  analytics 
Predicts  rather  than  reports 

Next  Generation  IT  Skills 

Advanced  analytical  skills  (statistics) 

Written/verbal  communication 

Business  models  and  best  practices  by  industry  sector 

Software  development 

Enterprise-wide  and  web-enabled  deployment 
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BSS  ENGINEER:  Designs, 
develops,  installs,  tests  and 
modifies  BSS  network  system. 
Conducts  overall  BSS  imple¬ 
mentation  quality  assurance 
control  and  tests  the  BSS  net¬ 
work  system  according  to  engi¬ 
neering  data  and  telecommuni¬ 
cations  principles.  Performs 
BSS  software  upgrade  and 
updating  and  analyzing  of  oper¬ 
ating  statistics.  Directs  commis¬ 
sioning  and  integration  of  the 
Global  System  for  Mobile 
Communications  and  Base 
Transceiver  Station  network  ele¬ 
ments  to  meet  project  goals. 
Provides  support  and  informa¬ 
tion  to  TAC1  and  TAC2. 
Interface  to  diagnostic  center 
TAC3.  Executes  database  han¬ 
dling  for  network  changes  and 
optimization.  Job  is  in  Miami,  FL. 
40  hrs.  weekly.  9-5  pm. 
$68,000/yr.  Bachelor's  degree  or 
equivalent  in  Electronics 
Engineering  or  related  field  and 
2  years  experience  in  job 
offered.  Mail  resume  to  S.  Com, 
Inc.,  801  Brickell  Ave.,  Suite 
#1560,  Miami,  FL  33131.  Attn: 
Ben  Arkestain. 


Computer  Systems  Admin¬ 
istrator.  AnaSyze/maintain/ 
modify  applications  on  IBM 
mainframe.  Req.  BS  Math/ 
Comp.  Science/Rel.  Field  & 
2  yrs  exp  in  job/2  yrs  exp  as 
Sr.  Analyst/Programmer. 
Spec.  Req.  Expertise  in 
COBOL,  DB2,  CICS,  CSF, 
Cordaptix  &  Utility  Billing 
Systems.  Send  Resume: 
Louie  G.  Abad,  EV3A,  Inc., 
104  Pierpoint  Cir.,  Folsom, 
CA  95630(Jobsite). 


Database  Administrator:  Install 
and  test  database  and  applica¬ 
tion  configuration;  establish  and 
maintain  test  and  production 
databases;  assure  database 
security;  install  all  system  cus¬ 
tomization;  perform  all  neces¬ 
sary  database  tuning;  perform 
regular  database  audits  to  check 
data  integrity,  perform  and  test 
backup  and  recovery  proce¬ 
dures,  provide  application  devel¬ 
opment  support  to  developers. 
Req.  BS  or  equivalent  in  CS  or 
CIS  +  nine  months  experience  in 
job  offered  or  as  Tech.  Support 
Engineer.  Must  be  Oracle  and 
Microsoft  certified.  Must  be  pro¬ 
ficient  in  Advance  C/S,  Advance 
Web  Access,  PowerBuilder/ 
InfoMaker,  Crystal  Reports, 
ASP,  and  Java  Script.  40  hr/wk, 
8am-5pm.  Contact  Herbert  J. 
Brunswick,  Georgia  Tech 
Foundation  Inc.,  760  Spring 
Street,  NW,  Suite  400,  Atlanta, 
GA  30332-0182 


CoBank,  ACB  seeks  a  Software 
Engineer  to  work  in  Greenwood 
Village,  CO,  to  engage  in  full  life- 
cycle  software  development  of 
web-based  banking  applica¬ 
tions.  Requires  a  Bachelor's  or 
foreign  equivalent  in  computer 
science,  MIS,  electronic  engi¬ 
neering  or  related  field;  2  years 
designing  and  developing  web- 
based  applications  using  Oracle, 
J2EE,  Visual  Age,  HTML,  XML 
and  AS/400;  working  knowledge 
of  Websphere  and  PVCS. 
Respond  by  mail  with  resume  to 
Bob  O'Toole,  CoBank,  ACB, 
5500  S.  Quebec  St.,  Greenwood 
Village,  CO  80111. 


Spectrum  Health  Hospitals,  in  Grand 
Rapids,  Michigan,  seeks  a  Director  - 
Clinical  Measurement  &  Evaluation, 
for  directing  the  coordination,  facilita¬ 
tion,  collection,  analysis  and  report¬ 
ing  of  clinical,  customer,  and  human¬ 
istic  data  for  quality  improvement 
programs.  Duties  include  directing 
the  manipulation  of  clinical,  adminis¬ 
trative  and  finance  databases  to 
extract  data  for  reporting  purposes; 
and  directing  the  evaluation,  selec¬ 
tion,  implementation  and  mainte¬ 
nance  of  continuous  quality  improve¬ 
ment,  database  management  statis¬ 
tical,  benchmarking,  outcome  report¬ 
ing,  and  related  software.  Doctor  of 
medicine  degree  required,  plus  3  yrs 
of  experience  in  job  offered  or  as  a 
medical  information  systems  manag¬ 
er,  and  3  yrs  of  experience  as  a 
health  care  professional  providing 
clinical  treatment  Send  resume  to 
Kenneth  Treece,  Human  Resources, 
Spectrum  Health  Hospitals,  251 
Michigan  Street,  N.E.,  Grand  Rapids, 
Michigan  49503-2560.  900999W 


Dir.  of  IT.  Design  &  develop  CRM 
strategy  &  info.  proc.  protocols 
thru.  Internet  &  intranet;  develop 
&  implement  manufact.  process, 
incl.  assembly  op.,  engr.,  testing, 
quality  plan,  &  inspection  crite¬ 
ria,  research  user  interface 
design,  character  layout  &  natur¬ 
al  lang.  proc.;  NT/W2K  system 
admin.-  db/web  server  mgt;  infra¬ 
structure  facilities,  e-mail, 

domain,  network  admin.;  network 
security;  website  (domain)  IIS 
mgmt;  remote  surveillance  of 
web  host,  platform;  inspect  & 
maintain  sec.  508  compl. 
Requires:  Ph.D  Ind.  Eng.  &  1  yr. 
exp.  in  job  or  1  yr  as  Sys.  Engr. 
Comp.  Salary.  Send  resume  to: 
HR,  206  S.  Park  Ave.,  Ste  #B, 
Winter  Park,  FL  32789. 


Senior  Software  Engineer: 
Design  and  develop  new  appli¬ 
cations  for  solid  modeling  soft¬ 
ware  systems,  including  low- 
level  geometrical  and  topologi¬ 
cal  operations  and  Boolean 
operations.  Design  and  develop 
advanced  surface  software  fea¬ 
tures,  such  as  sweep,  loft,  multi¬ 
sided  patch  and  geometric  conti¬ 
nuity.  Perform  competitive 
analysis  of  other  CAD/CAM  soft¬ 
ware  applications.  Conduct 
extensive  testing.  Provide  tech¬ 
nical  support  and  problem  reso¬ 
lution  during  testing  and  imple¬ 
mentation.  Position  requires 
Masters  degree  in  Computer 
Science.  Engineering  or  a  relat¬ 
ed  field  with  2  years  experience 
in  the  position  offered  or  two 
years  experience  as  a  CAD 
Researcher  or  CAD  Scientist. 
Salary:  $90,461;  Hours: 

Monday  through  Friday,  8am  - 
5pm.  Interested  applicants 
should  submit  two  (2)  copies  of 
resume  to:  Case  #200202689, 
Labor  Exchange  Office,  19 
Stamford  Street,  1st  Floor, 
Boston,  MA  02114. 


Java  Programmer/Analyst 
wanted  to  design  and 
develop  internet/intranet- 
based  systems.  Bachelor's 
degree  in  engineering  and 
2  years  experience  req¬ 
uired.  Send  resume  to 
Kentucky  Farm  Bureau 
Mutual  Insurance  Comp¬ 
any,  P.  O.  Box  20700, 
Louisville,  KY  40250-0600, 
Attn:  Human  Resources. 


Senior  Consulting  Systems 
Engineer  -  Provide  hands-on 
pre-sale  support  for  prospective 
clients,  including  needs  analy¬ 
sis,  solution  design,  presenta¬ 
tions  and  demonstrations,  site 
visits  to  support  evaluation  pro¬ 
jects,  and  telephone  guidance 
for  installing  and  using  the  prod¬ 
uct.  Work  closely  with  the 
account  manager  to  progress 
toward  the  business  "close" 
expeditiously.  Present  and 
demonstrate  company  products 
at  various  seminars  and  trade 
show  venues.  Provide  support 
for  technical  and  financial  ana¬ 
lyst  meetings  and  press  editorial 
meetings.  Build  presentations 
and  effective,  efficient  demon¬ 
strations  able  to  be  used  by  oth¬ 
ers  in  the  sales  organization. 
Remain  current  company  prod¬ 
ucts,  functions  and  features,  and 
with  alternative  products  in  the 
markets  the  company  serves. 
Continuously  update  information 
about  product  performance  in 
customer  installations.  Present 
performance  statistics.  Support 
customers  using  company 
developer  tools  to  create  custom 
application  or  database  drivers. 
Keep  up-to-date  with  versions  of 
supported  operating  systems, 
database  management  systems 
and  network  transport  protocols. 
Requirements  include  a 
Bachelor's  degree  or  equivalent 
combination  of  education  and 
work  experience  in  Computer 
Science,  an  Engineering  disci¬ 
pline  or  related  field  and  four 
years  of  work  experience  in  the 
job  offered  or  related  field  of  sys¬ 
tems  engineering.  Applicants 
must  have  unrestricted  autho¬ 
rization  to  work  in  the  United 
States.  Salary  $93, 280/year.  40 
hours/wk.  Respond  with  two 
copies  of  resume  to  Case 
#200203127,  Labor  Exchange 
Office,  19  Staniford  St.,  1st  FL, 
Boston,  MA  02114 


Jr  Programmers,  Programmers, 
Software  Engineers  &  DBAs: 
Design,  develop,  test  and  imple¬ 
ment  specialized  software  apps. 
in  (a)  Oracle  Financials  and 
Manufacturing  1 1  i  and  related 
tools,  Erwin,  Cognos  Suite, 
Business  Objects  and  MF 
Cobol;  (b)  SQL  DBA,  Unix 
Admin.,  VB,  Sybase,  Cobol,  C, 
Cold  Fusion  and  related  tech¬ 
nologies;  (c)  J2EE  and  related 
technologies,  Rational  Clear- 
Case,  CORBA,  MQSeries  and 
related  tools;  (d)  BDF. 
JPROBE.Test  Factory,  Requisite 
Pro,  CORBA,  Patrol  DB,  LDAP 
Server  and  Silk  Pilot;  (e) 
EAZYTRIEVE+,  Xpedio  Server, 
SQL  Backtrack,  PatrolDB, 
NetlQ,  Infopac.  Netview  and 
Gauntlet  Firewall;  (f)  PeopleSoft 
HRMS  (HR,  Payroll  and  Benefits 
Administration)  Application 
Engine,  SQR,  Cobol,  DB2. 
CICS,  nVision,  Crystal  Reports 
and  related  tools;  (g)  Java  and 
related  tools,  CORBA,  Sybase, 
Swing  and  Rational  Tools  (h) 
Oracle  Database  Admin,  in 
Oracle  11i,  Oracle  Enterprise 
Manager,  Solaris  AIX,  VB,  C++, 
SQL*Plus  and  related  tools;  (i) 
Cold  Fusion  and  related  tools, 
ASP,  XML,  DHTML,  Crystal 
Reports,  Java,  VB.  DCOM,  MS 
SQL  and  Oracle  8i;  (j)  Oracle 
Financials  and  PeopleSoft, 
Tuxedo,  Developer/Designer 
2000  and  related  tools;  (k) 
Hyperion  Essbase  Apps.  and 
related  tools;  (I)  Oracle. 
Peoplesoft,  ASP,  Java  and  relat¬ 
ed  tools,  SQA  Robot,  Mercury 
Test  Director  and  Silk;  (m) 
Clarify  and  related  technologies; 
(n)  JDK,  ASP,  CORBA,  Oracle, 
SQL  Server,  Linux,  VB  and 
HTML;  (o)  SAS  and  related 
packages,  Java,  Business 
objects  and  Oracle.  US  Workers 
only.  Consulting  positions  requir¬ 
ing  travel.  Prevailing  wage/ben¬ 
efits.  Send  resume  to  HR,  SSG, 
3300  Buckeye  Road,  Suite  555, 
Atlanta,  GA  30341,  identifying 
interested  position(s).  No  Phone 
calls  please. 
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0BJECTS0FT,  a  New  York 
based  information  technology 
and  business  consulting  ser¬ 
vices  provider  offer  full  cycle 
services  since  1995  based  on 
industry  specific  expertise. 
Presently  ObjectSoft  has  follow¬ 
ing  multiple  open  positions  in  the 
Chicago  area: 

Computer  Systems  Analysts: 
Analyze  user  requirements,  pro¬ 
cedures,  and  problems  to  auto¬ 
mate  or  improve  existing  sys¬ 
tems  and  review  computer  sys¬ 
tem  capabilities,  workflow,  and 
scheduling  limitations  using 
techniques  such  as  structured 
analysis,  data  modeling,  mathe¬ 
matical  model  building  and  sam¬ 
pling  with  Strong  experience  in 
single  and  multi  dimensional 
data  warehousing  applications 
using  SAS,  Business  Objects, 
Cognos,  Micro  Strategy, 
Informatica,  MSDTS,  Oracle 
Clinical,  Oracle,  C,  PL/SQL, 
FORMS  4.5,  UNIX,  WINDOWS 
XP/NT. 

Requirements:  Master  Degree 
or  its  equivalent  in  Business, 
Math,  Management  Information 
Systems,  Engineering  or  related 
field  and  at  least  one  year  of 
experience  or  Bachelors  degree 
or  its  equivalent  in  Business, 
Math,  Management  Information 
Systems,  Engineering  or  related 
field  and  at  least  three  years  of 
experience  performing  the  listed 
duties. 

Computer  Programmers 
Analyst: 

Convert  project  specifications 
and  statements  of  problems  and 
procedures  to  detailed  logical 
flow  charts  for  coding  into  com¬ 
puter  language.  Develop  and 
write  computer  programs  to 
store,  locate,  and  retrieve  spe¬ 
cific  documents,  data,  and  infor¬ 
mation  using  with  Strong  experi¬ 
ence  in  single  and  multi  dimen¬ 
sional  data  warehousing  appli¬ 
cations  using  SAS,  Business 
Objects,  Cognos,  Micro 
Strategy,  Informatica  &  MSDTS, 
Middleware  MQ  Series,  MQSI, 
J2EE  technologies,  Web 
Methods,  C++,  Visual  C++, 
MFC,  OLE,  SDK,  COM,  JAVA, 
JSP,  EJB,  ASP,  VB,  Active-x, 
NET,  and  Developer  2000. 
Requirements:  Master  Degree 
or  its  equivalent  in  Business, 
Math,  Management  Information 
Systems,  Engineering  or  related 
field  and  at  least  one  year  of 
experience  or  Bachelors  degree 
or  its  equivalent  in  Business, 
Math,  Management  Information 
Systems,  Engineering  or  related 
field  and  at  least  three  years  of 
experience  performing  the  listed 
duties. 

Interested  candidates  should 
send  resumes  to  ATTN:  Human 
Resources,  Objectsoft  Group 
Inc.,  401  N.  Michigan  Avenue, 
Suite  1200  Chicago.  IL  60611 
Email:  resumes@objectsoft- 

group.com  FAX:  253-423-6635 
OBJECTSOFT  GROUP  EOE. 


rriET2s 

Ma<»o>k  Sarvlc*  Solution* 

NET2S  is  a  leading  International  e- 
business,  information  technology, 
and  communication  infrastructure 
consulting  firm.  We  are  currently 
seeking  for  the  following  positions: 

•  Sr.  Tibco  (RV,  Hawk,  Ingetration 
Manager)  Developer 

•  IT  Risk  Mgmt  Security  Architect 

•  Sun  One  /  Siteminder  Architect 

•  Business  Objects  /  Cognos 
Developers 

•  NET  Architect 

All  positions  require  BS/MS  degree 
with  a  minimum  of  2  to  3  years  of 
experience  in  the  field.  Must  pos¬ 
sess  excellent  communication 
skills  as  well. 

NET2S,  82  Wall  Street,  Suite  400, 
New  York,  NY  10005;  Fax:  (212) 
279-1960,  Phone  (212)  279-6565;  or 


Boehringer  Ingelheim 

Pharmaceuticals,  Inc.  has 
immediate  openings  in  its 
Ridgefield,  Connecticut  facility 
for  the  position  of  Senior 
Software  Engineer. 

Develops  and  implements  sys¬ 
tems  using  a  variety  of  technical 
tools,  identifies  problems  or 
opportunities  to  increase  effec¬ 
tiveness  and  productivity  and 
reduces  operational  costs 
through  optimal  use  of  informa¬ 
tion  systems. 

Must  possess  a  Master's  degree 
or  equivalent  in  Business 
Administration  or  a  related  field 
and  three  years  of  work  experi¬ 
ence  in  an  IT  field.  In  the  alter¬ 
native,  a  Bachelor's  degree  in 
Computer  Science,  Electrical 
Engineering  or  a  related  techni¬ 
cal  field  and  at  least  five  years  of 
relevant  business  experience  in 
marketing  and  operations  would 
also  be  acceptable.  Experience 
to  include  college  coursework/ 
project  or  work  experience  with: 
Documentum,  WDK,  DFC,  Web 
PublisherDesktop,  Java,  EJB, 
Servelets,  JSP,  Web  Logic, 
Oracle,  VB,  COM/DCOM,  IIS, 
XML,  HTML/DHTML,  and 
JavaScript;  and  developing 
client/server  and  web  applica¬ 
tions. 

Resume  and/or  cover  letter 
must  reflect  each  requirement 
above  and  specify  reference 
code  AD-GCD/GC0503  or  it  will 
be  rejected. 

Forward  resume  to  Bl  Staffing 
Center,  PO  Box  534,  Waltham, 
MA  02454.  EOE. 


QA  Engineer  il  (Denver,  CO)  - 
Design,  develop,  implement, 
test  &  troubleshoot  newly  devel¬ 
oped  or  redesigned  products, 
systems,  or  equipment  of  mod¬ 
erate  scope  &  complexity. 
Perform  test  design  &  analysis 
for  applications  developed  via 
various  SW  programming  lan¬ 
guages  &  tools  including  Java, 
C/C++,  &  Oracle.  Plan  &  exe¬ 
cute  test  methodologies  using 
UNIX,  Oracle,  PL/SQL,  &  EDI 
(Electronic  Data  Interchange) 
applications.  Provide  technical 
support.  Design  test  result 
reports  &  report  defects.  BS 
Comp  Sci,  Eng,  or  related  +18 
months  related  exp  + 
working/theoretical  knowledge 
of  Java,  C/C++,  Oracle; 
Unix/Unix  Scripting;  PL/SQL,  & 
EDI.  $71 ,393/yr.  M-F.  8-5. 
Resume  only  to  Workforce 
Development  Programs,  PO 
Box  46547,  Denver,  CO  80202. 
Ref.  Job#CO5058187. 


Software  Engineer:  Develop, 
Test  &  Implement  new  applica¬ 
tions  using  Java,  HTML,  Java 
Script,  VB  Script,  DHTML, 
Oracle,  Pl/Sql,  XML,  Weblogic 
or  Apache  Tomcat.  Analyze  cur¬ 
rent  procedures  &  systems  to 
refine  &  convert  the  data  to  pro¬ 
grammable  form.  Study  existing 
systems  to  evaluate  effective¬ 
ness  &  upgrades  systems 
presently  in  use.  Monitor  imple¬ 
mented  systems  for  issues  & 
update  as  necessary.  Strong 
skills  in  Objected  Oriented 
Analysis  and  Design;  Data 
Modeling  with  thorough  knowl¬ 
edge  of  relational  database  con¬ 
cepts;  Writing  database  proce¬ 
dures,  triggers  and  functions. 
Must  have  2  yrs  exp.  and  B.S.  in 
CS/Sci.  or  2  yrs.  related  exp. 
60K/yr;  8A-5P.  40hrs/wk.  Submit 
2  resumes  to  Case#200202671, 
Labor  Exchange  Office,  19 
Staniford  St.,  1st  FI.,  Boston,  MA 
02114. 


or  jobs  and 
post  your  resume  on 
itcareers.com  or  call 
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System  Software  Engineer  - 
Work  as  part  of  software  devel¬ 
opment  team  to  write  software 
for  automatic  ultrasonic  imaging 
systems,  including  motion  con¬ 
trol,  instrument  setup,  data 
acquisition,  operator  interface, 
image  display  and  processing, 
and  data  analysis.  Focus  on 
instrument  control  and  data 
acquisition  software  and  graphi¬ 
cal  user  interface  design. 
Interface  with  customers,  in- 
house  sales  staff,  hardware 
development  engineers  and 
manufacturing  engineers  to 
specify,  customize  and  imple¬ 
ment  software  modules. 
Provide  accurate  estimates  of 
required  time  to  complete  soft¬ 
ware  tasks.  Use  Microsoft 
SourceSafe  for  version  control. 
Provide  on-site  support  for 
installation  and  testing  of  system 
software  as  required.  Interface 
with  customers  as  required  to 
assist  with  support  and  service. 
Program  in  C/C++  and  Visual 
C++  under  Windows  NT/98. 
Use  object  oriented  design, 
motion  control  software  and  GUI 
knowledge.  Requirements 
include  a  Bachelor's  degree  or 
equivalent  in  an  Engineering 
discipline,  Physics  or  closely 
related  technical  field  and  three 
years  of  work  experience  in  the 
job  offered  or  related  field  of  sys¬ 
tem  and  control  software  engi¬ 
neering.  Applicants  must  have 
unrestricted  authorization  to 
work  in  the  United  States. 
Salary  $74,838/year.  40 

hours/wk.  Respond  with  two 
copies  of  resume  to  Case 
#200202405,  Labor  Exchange 
Office,  19  Staniford  St..  1st  FI., 
Boston,  MA  02114 


Software  Engineers:  Software 
life  cycle  development  in 
Microsoft  Development  tools 
suite  including  C#.Net,  Oracle 
RDBMS  tools  suite,  SQL  Server, 
DB2,  COBOL  and  related  tech, 
to  develop  array  of  apps.  includ¬ 
ing  secure  Client  Server/Web 
based  HR,  Communication  and 
Government  apps.  Complete  job 
description  or  to  apply  contact 
HR,  3761  Venture  Dr.,  Bldg. 
100,  Suite  240,  Duluth,  GA 
30096. 


MECHANICAL  ENGINEER 

Require  BS  in  mechanical  engi¬ 
neering  and  3  yr.  exp.  in  position 
offered.  Must  have  taken  cours¬ 
es  in  thermodynamics,  hydro¬ 
mechanics,  and  heat  transfer 
theories  and  research  exp.  in 
energy  field.  Resume  to  Arbin 
Instruments,  762  Peach  Creek 
cut  Off  Rd.,  College  Station,  TX 
77845. 


The 

right  skills 
fuel 

the  new 
economy. 

itcareers.com 


SOFTWARE  ENGNR:  Analyze, 
dsgn  &  dvlp  web-based  applns 
&  systems.  Specific  duties 
include:  (i)  dsgn,  dvlp  &  config¬ 
ure  websites  &  systems  per 
client  specs  using  VB,  ASP, 
MTS,  Visual  Source  Safe,  Java, 
Visual  Interdev,  DCOM,  COM+, 
Active  X,  ADO  and  IIS;  (ii)  act  as 
Program  Lead  for  client's  pro¬ 
jects;  (iii)  perform  system  analy¬ 
sis,  coding  &  testing;  (iv)  dvlp 
components  to  integrate  Call 
Center  QA  tools  w/Kronos;  (v) 
maintain  &  perform  sys.  opti¬ 
mization  &  compliance  w/system 
reqmnts  of  health  care  industry; 
(vi)  perform  intensive  data 
analysis  &  dsgn;  &  (vii)  dvlp 
identity  &  account  mgnt  systems 
based  on  client’s  reqmnt  &  spec. 
Bach,  degree  in  Comp.  Sci.  or 
Electrical  Engrng  +  3  yrs  exp.  in 
position  offered  or  as  a  Prog. 
Analyst  or  Software 
Dvlpr/Consultant  reqd.  Must 
have:  (1)  2  yrs  of  exp.  w/VB, 
Java,  J2EE,  JavaScript,  VB 
Script.  ASP.  COM,  COM+, 
Active  X,  ADO,  XML,  SQL 
Server,  SOAP,  Seagate  Crystal 
Reports,  KRONOS,  Visual 
Interdev  &  Visual  Source  Safe 
as  well  as  working  w/iBaaN 
CRM  components  (incl.  Baan 
EIA  and  BOIS  as  well  as  iBaan 
CRM);  (2)  2  yrs  of  health  care 
industry  exp.,  including  exp. 
w/compliance  stndrds  (HL7, 
CCOW,  HIPAA);  (3)  ability  to 
adhere  to  industry-wide  software 
dvlpmnt  stndrds,  incl.  SEI-CMM, 
SEI-PSP;  &  (4)  high  mobility 
preferred.  40  hrs/wk,  8  am  -  5 
pm,  $64,240/yr.  Qualified  appli¬ 
cants  please  submit  resume  to: 
McKeesport  CareerLink,  Attn: 
ES  Manager,  345  Fifth  Avenue, 
McKeesport,  PA  15132-2600. 
Please  refer  to  Job  Order  No. 
WEB  360618. 


ObjectWin  is  looking  for 
Programmer/System  Analyst  or 
other  IT  professionals.  Applicants 
must  have  BS  or  equivalent. 
Skills  in  ASP.Net.  B2B,  VB.  Java, 
HTML,  VB.Net,  XSL.  CSS.  MS 
CMS,  SSL  &  MS  certified  pre¬ 
ferred.  Competitive  wage.  Apply 
at:  skarande@objectwin.com. 
EOE. 

Techgene  Solutions  has  open¬ 
ings  for  System  Analysts  or 
Software  Engineers.  Candidates 
must  have  BS  with  experience  in 
Cobol,  JCL,  Oracle,  SQL,  etc. 
Travel  may  be  required  for  some 
positions.  We  are  small  but  sta¬ 
ble.  Competitive  salary.  Please 
apply  at  bapujik@yahoo.com. 
EOE 


OmniPros,  a  worldwide  provider 
of  software  solutions  seeks  moti¬ 
vated  IT  professionals  specializ¬ 
ing  in:  Java,  J2EE,  Oracle, 
WebLogic,  Webmethod,  Vitria, 
Tibco,  Portals,  Oracle  CRM 
(Technical,  Hi)  Oracle  Mfg 
(Technical/Functional,  Hi), 
Oracle  Finance  (Technical,  Hi), 
Business  Development/  Tech¬ 
nical  Operations  Management 
Positions  are  located 
in  Chicago,  II.  Please 
e-mail  resume  to 

careers@omnipros.com,  fax 
resume  to  408-944-0719,  or 
mail  resume  to:  OmniPros  Ltd. 
99  W.  Tasman  Drive,  Ste  205 
San  Jose,  CA  95134 


Systems  Administrator  sought 
by  computer  s/w  development 
firm  in  Jacksonville,  FL.  Must 
have  Bach  in  Comp  Sci.,  Engg 
or  equiv  and  two  yr  relevant  exp 
in  designing,  developing  and 
implementing  LAN,  WAN,  VPN 
and  telephone  networks; 
Windows/Linux-based  DNS, 
DHCP,  WINS  Servers/Domain 
controllers;  SQL  Server7.0/ 
2000;  and  Oracle  8i/9i  for  OLAP 
&  OLTP  databases.  Respond  to: 
HR  Dept.,  Intelligenxia,  Inc., 
4905  Belfort  Rd.,  Ste  110, 
Jacksonville,  FL  32256. 


Senior  Software  Engineer- 
Platform  Services:  Lead  and 
participate  in  specification, 
design,  development  and  sup¬ 
port  of  company  products  includ¬ 
ing  the  overall  architecture, 
component  interfaces  and  com¬ 
munication  schemes,  client  and 
server-side  programs  written  in 
Java  and  C++.  Develop  Oracle, 
SQL  Server  and  LDAP  database 
schemas.  Assist  with  develop¬ 
ment  of  project  plans  and  sched¬ 
ules.  Follow  rigorous  software 
engineering  standards  including 
developing  product  require¬ 
ments,  functional  and  design 
specifications  and  adhering  to 
coding  standards.  Lead  efforts 
to  identify  and  resolve  any  prod¬ 
uct  performance  issues.  Mentor 
junior  engineers.  Requirements 
include  a  Master's  degree  or 
equivalent  in  Computer  Science, 
an  Engineering  discipline, 
Mathematics  or  related  field  and 
three  years  of  work  experience 
in  the  job  offered  or  related  field 
of  software  engineering  using 
C++,  or  a  Bachelor's  degree  or 
equivalent  in  Computer  Science, 
an  Engineering  discipline  or 
related  field  and  five  years  of 
progressively  responsible  expe¬ 
rience  in  the  job  offered  or  relat¬ 
ed  field  of  software  engineering 
using  C++.  Applicants  must 
have  unrestricted  authorization 
to  work  in  the  United  States 
Salary  $78, 000/year.  40 

hours/wk.  Respond  with  two 
copies  of  resume  to  Case 
#200203134,  Labor  Exchange 
Office,  19  Staniford  St.,  1st  FI. . 
Boston,  MA  02114 


Software  Engineer  -  Provide 
software  engineering  consulting 
services  to  clients  for  Storage 
Area  Network  (SAN)  systems 
that  may  include  systems  manu¬ 
facture  by  Compaq,  EMC  and/or 
Hitachi,  or  others.  Design  and 
implement  management  and 
monitoring  SNMP  software  for 
the  SANs  and  other  IP  devices. 
Configure  and  test  SAN  devices 
including,  but  not  limited  to 
Brocade  Switches,  Foundry 
68000  routers,  Crossroad 
routers,  Cisco  and  Tape 
Libraries.  Will  use  software  lan¬ 
guages  including  Java,  CORBA, 
HTML,  Java  servlets,  Visual 
Basic,  Pascal,  JSP,  SML,  JMS 
and  networking  protocols  such 
as  SNMP,  TCP/IP,  HTTP,  HP 
Overview,  etc.  Work  includes 
SAN/LAN  programming  for  high 
scalability.  Masters  degree  in  CS 
and  two  years  of  experience  or 
Bachelor's  degree  and  five 
years  of  experience  on  software 
work  including  SANS  systems. 
Experience  must  include: 
Design,  develop,  implement, 
test  SANs  systems;  work  with 
routers  and  switches  such  as 
Cisco  routers/switches.  Foundry 
68000  switches;  work  on 
SAN/LAN  solutions;  Must  be 
willing  to  be  assigned  to  unantic¬ 
ipated  client  sites  throughout  the 
United  States.  Hours:  M-F,  8:00 
a.m.  to  5:00  p.m.;  40  hrs/wk. 
Salary:  $85, 384/year.  Send 
duplicate  resumes  to:  Job  Order 
#  2003-336,  P.O.  Box  989, 
Concord,  NH  03302-0989. 


Seeking  qualified  applicants  for 
the  following  positions  in 
Memphis/Collierville,  TN:  Senior 
Technical  Analyst.  Research, 
evaluate,  implement  and  coordi¬ 
nate  changes  to  computer  sys¬ 
tems/applications.  Requirements: 
Bachelor's  degree  or  equivalent  in 
computer  science,  math,  engi¬ 
neering  or  related  field  plus  5 
years  of  experience  in  systems/ 
applications  development,  includ¬ 
ing  programming.  Experience 
with  IMS  DB/DC,  Cobol  II  and 
TSO  also  required.  ‘Master's 
degree  in  appropriate  field  will  off¬ 
set  2  years  of  general  experience. 
Submit  resumes  to  Sibi  George, 
FedEx  Corporate  Services,  1900 
Summit  Tower  Blvd.,  Suite  1400, 
Orlando,  FL  32810.  EOE 
M/F/D/V. 


Regional  Sales 
Manager  west  coast 


IT  Careers  has  an  exciting  opportunity  for  a  high¬ 
ly  motivated  and  seasoned  sales  professional  to 
join  our  team.  This  Regional  Manager  will  be 
responsible  for  selling  integrated  recruitment 
advertising  packages  consisting  of  Print  (within 
our  network  of  publications),  Online  and 
Recruitment  Event  Show  Booths,  as  well  as  other 
products  as  they  become  established.  Emphasis 
will  be  on  generating  revenue  by  developing  new 
accounts,  but  this  individual  will  be  responsible 
for  growing  existing  accounts  and  servicing 
recruitment  ad  agencies  ensuring  that  IT  Careers 
is  top  of  mind.  The  candidate  will  be  the  part  of  a 
sales  team  working  to  set  the  territory  strategy, 
therefore  collaborative  selling  skills  are  critical.  In 
addition,  this  person  must  have  a  solid  under¬ 
standing  of  the  IT  recruitment  market,  be  an 
effective  communicator  and  negotiator  and  have 
a  proven  record  in  sales.  Minimum  of  5+  years  of 
outside  sales  experience  required,  preferably  in 
recruitment  advertising  sales.  This  position  will 
be  based  in  the  candidate's  home  office  on  the 
west  coast.  Travel  is  required. 


If  interested,  please  email  a  resume  to 
jcjobs@idg.com  or  fax  to  (508)935-4600. 
Please  include  code  ITC922  in  the  subject 
line. 


IT 


PQTPPre 


Software  Developer  -  Design 
code  and  test  financial  models 
and  their  integration  into  a  trad¬ 
ing  environment.  Analyze, 
review,  and  rewrite  program 
logic  to  increase  operating  effi¬ 
ciency  to  adapt  programs  to  new 
requirements  and  migrate  them 
as  new  standards  arise.  Design 
and  test  trading  applications  and 
write  and  rewrite  program  logic. 
Use  experience  in  C++,  Visual 
Basic,  Excel  and  database 
administration.  Will  utilize  basic 
knowledge  of  finance  and  eco¬ 
nomics.  Requirements  includes 
a  Bachelor's  degree  or  equiva¬ 
lent  in  Computer  Science,  an 
Engineering  discipline  or  related 
field  and  two  years  of  pre-  or 
post-degree  work  experience  in 
the  job  offered  or  related  field  of 
software  development. 

Experience  must  include  use  of 
C++,  Visual  Basic  and  database 
administration.  Applicants  must 
have  unrestricted  authorization 
to  work  in  the  United  States. 
Salary  $75,000/year.  40 

hours/wk.  Respond  with  two 
copies  of  resume  to  Case 
#200203201,  Labor  Exchange 
Office,  19  Staniford  St.,  1st  FI., 
Boston,  MA  02114 


Software  Engineers  & 
Programmers:  Analyze,  design, 
test  and  implement  specialize 
software  applications  for  e-com¬ 
merce,  Web,  Client  Server  tech¬ 
nologies,  Legacy  systems  and 
distributed  apps.  in  Weblogic, 
Corba,  Apache,  Mainframe, 
ASP,  J2EE,  Siebel,  PB  and 
related  technologies  utilizing 
appropriate  RDBMS  including 
Oracle  and  DB2.  HR,  Instcomp, 
Inc.,  906  Lacey  Ave.,  Suite  # 
206,  Lisle,  IL  60536.  EOE 


SW  Dev  Engineer  (Omaha,  NE) 
-  Partner  in  a  team  environment 
to  design,  develop,  code,  test  & 
debug  new  SW  or  significant 
enhancements  to  existing  SW 
using  Oracle  databases, 
PL/SQL,  WebLogic  Server, 
Java,  JDBC,  &  the  J2EE/JDK 
environment.  Write  Java 
servlets  using  EJB,  JSP,  & 
JavaScript.  Perform  mainte¬ 
nance  on  existing  SW  using 
Oracle,  PL/SQL,  Java.  &  HTML 
in  Windows  NT,  UNIX,  &  Linux 
environment.  Apply  principles, 
theories  &  concepts  &  use 
methodologies,  tools,  doc 
processes  &  test  procedures  to 
complete  projects.  BS  Comp 
Sci,  Eng,  or  related  +  2  yrs  relat¬ 
ed  exp  +  working  knowledge  of: 
Oracle;  PL/SQL,  HTML, 
WebLogic  Server,  Java,  J2EE, 
JDBC,  EJB,  JSP,  Java  Script, 
Java  Dev  Kit  (JDK),  Java 
Servlets;  &  Win  NT/UNIX/Linux. 
$72,580/yr.  M-F.  8-5.  Must 
have  proof  of  legal  authority  to 
work  permanently  in  U.S.  No 
calls.  Send  cover  Itr  &  resume 
to:  Madhavi  Bhadbbade, 

Coordinator,  NE  DOL,  P.O.  Box 
94600,  Lincoln,  NE  68509-4600 
Ref.  Job#TREL5-RPS5A- 
01300. 


Systems  Analyst.  B.S.  in 
Comp.  Sci.  or  equiv.  +  3 
yrs.  rel.  exp.  Exp.  to 
include  C/C++,  UML, 
Python,  XP,  JavaScript, 
SQL,  STL,  MacApp,  Mac 
OS  X  (carbon),  and  .Net. 
Send  resumes  to  Robert 
Long,  MetaCommun- 
ications,  Inc.,  1210  S. 
Gilbert  St.,  Iowa  City, 
Iowa  52240-4506. 


CW031006E/W/MW.3 


Computerworld  •  InfoWorld  •  Network  World  •  October  6,  2003 


Computer  -  Consulting  Senior  IT 
Specialist.  Pittsburgh,  Penn¬ 
sylvania  and  various  client  sites 
throughout  the  United  States. 
Provide  consulting  services  in 
the  areas  of  performance  analy¬ 
sis,  skills  and  competency  man¬ 
agement  and  learning  support 
design  to  customers  of  IBM  soft¬ 
ware  to  customers,  specifically 
leading  edge  web  application 
server  products  such  a 
WebSphere.  Participate  in  the 
development  and  maintenance 
expertise  in  IBM  Software  prod¬ 
ucts  and  other  IBM  e-Business 
solutions.  Travel  to  customer 
locations  and  consult  with  cus¬ 
tomers.  Provide  mentoring  and 
technical  leadership  to  Web 
application  development  and 
deployment  teams.  Perform 
technical  tasks  including  overall 
solution  architecture,  analysis, 
design,  programming,  perfor¬ 
mance  tuning,  product  installa¬ 
tion  and  system  integration. 
Utilize  Java  and  JavaScript  on 
Windows  environment.  Req¬ 
uires  a  Bachelor’s  Degree  or  for¬ 
eign  degree  equivalent  in 
Computer  Science,  CIS,  MIS, 
Engineering  (any  type)  or  relat¬ 
ed  field,  and  two  (2)  years  expe¬ 
rience  in  the  job  offered  or  (2) 
two  years  of  experience  in  the 
related  occupation  of  IT 
Specialtist,  Sr.  Specialist,  Dev¬ 
eloper,  Programmer  Analyst, 
Programmer  or  Consultant. 
$90,000.00  per  year.  40  hours 
per  week  8:00am-6:00pm.  Must 
have  proof  of  legal  authority  to 
work  permanently  in  the  U.S. 
Send  cover  letter  and  resume  to 
Job  Order  Number  WEB360221 , 
PA  Career  Link/Job  Service,  Site 
Director,  Pittsburgh/Allegheny 
County  Career  Link,  ATTN:  CL 
Program  Supervisor,  425  Sixth 
Avenue,  Suite  2200,  Pittsburg, 
PA  15219-1837. 


Programmer  Analyst 
(MicroA/Veb)  - 
Multiple  Openings 

Structured  systems  analysis, 
design,  development,  testing, 
quality  assurance,  implementa¬ 
tion,  integration,  maintenance 
and  support  of  integrated  client- 
server  based  systems  for  busi¬ 
ness,  financial,  banking,  manu¬ 
facturing  and  other  commercial 
business  application  systems  in 
a  multi-hardware/multi-software 
environment  using  centralized  or 
distributed  relational  database 
management  systems,  4GLs 
(Fourth  Generation  Languages) 
and  other  GUI  (Graphical  User 
Interface)  front-end  tools. 
Analysis,  design  and  develop¬ 
ment  of  client-server  applica¬ 
tions  using  object-oriented 
methodology  Bachelor's  Degree 
(or  equivalent)  in  Computer 
Science- Math/Engineering/ 
Science/Business-Commerce 
and  1  yr.  experience  in  job 
offered  or  as  Software  Engineer/ 
Systems  Analyst  are  required. 
Must  have  appropriate  combina¬ 
tion  of  skills  as  follows:  1  of  A 
and  2  of  B;  or  2  of  A  and  1  of  B; 
or  3  of  A.  A  includes  Oracle, 
Sybase,  Informix,  SQL  Server, 
Progress,  Ingres,  Access  and 
Proxy  Server:  and  B  includes 
PowerBuilder,  Visual  Basic,  MS- 
Windows,  Visual  C++,  JAM, 
APT-SQL.  SQL*FORMS,  ESQL/ 
C,  GUPTA  SQL,  Progress  4GL, 
Informix  4GL,  Ingres  4GL,  C, 
Java,  Lotus  Notes,  HTML,  CGI, 
IIS,  ASP.  Front  Page,  Perl  and 
Java  Development  Kit  (JDK); 
High  mobility  preferred.  40 
hrs/week,  8  am  -  5  pm.  $67,995 
-  $78,000  per  year.  Qualified 
applicants  should  contact  or 
send  resume  to  Mon  Valley 
Regional  CareerLink,  Attn:  Actg. 
CL  Program  Supervisor,  Donora 
Industrial  Park,  570  Galiffa 
Drive,  Donora.  PA  15033.  Refer 
to  Job  Order  #  WEB  360639. 


Engineer 

Pitney  Bowes  Inc.  has  an  open¬ 
ing  in  its  Shelton,  Connecticut 
office  for  an  Engineer. 

Develop  new  concepts  and  pro¬ 
totypes  in  the  areas  of  intelligent 
networked  devices  and  informa¬ 
tion  appliances  for  mail  and 
messaging  and  develop  novel 
embedded  system  solutions. 
Must  possess  at  least  a  bache¬ 
lor's  degree  or  its  equivalent  in 
Electrical  Engineering,  Comp¬ 
uter  Science  or  a  related  field 
and  relevant  work  experience, 
including  college  coursework/ 
project  and/or  work  experience 
with  USB  software  driver  devel¬ 
opment  and  hardware  interfac¬ 
ing;  embedded  software  devel¬ 
opment  experience  at  the  API 
level  of  various  handheld  and 
wireless  devices  such  as  the 
iPAQ,  Dolphin  and  Symbol  scan¬ 
ners;  embedded  Java  program¬ 
ming  experience  to  author 
device  independent  software 
interfaces  for  use  in  enterprise 
level  integrated  systems;trou- 
bleshooting  wireless  connectivi¬ 
ty  issues  at  the  hardware  and 
API  level  (including  vendor  inter¬ 
facing  and  verification  and  vali¬ 
dation  of  system  built  to  specifi¬ 
cation);  and  hardware  level 
debugging  of  wireless  and  wired 
components. 

Resume  and/or  cover  letter 
must  reflect  each  requirement 
above  and  specify  reference 
code  E/MZ  or  it  will  be  rejected. 
Forward  resume  to  Robbin  Drew 
Elliott,  Pitney  Bowes  Inc.,  One 
Elmcroft  Road,  Stamford,  CT 
06926-0700. 


COMPUTER/IT 

Quality  Assurance  Analyst  (Test 
Automation  Specialist).  (Troy, 
Ml).  Req.  Bachelor's  degree  (or 
higher)  or  equiv.  foreign  educ.  in 
comp,  science,  bus.  admin., 
stats.,  or  related  eng.  field,  &  2 
yrs.'  exp.  in  the  job  offered  or  2 
yrs.'  exp.  in  execution  of  SAP 
R/3  quality  assurance  review  & 
testing  procedures  for  Materials 
Mgmt.  (MM),  Prod.  Planning 
(PP),  Sales  &  Distribution  (SD), 
Finance  (FI),  and  Human 
Resources  (HR)  modules  using 
Mercury  Interactive  tools.  All 
stated  exp.  must  include:  cre¬ 
ation  &  maintenance  of  automat¬ 
ed  test  scripts  using  QuickTest; 
&  use  of  Test  Director  to  manage 
&  administer  testing  process. 
Analyze,  define,  &  develop  qual¬ 
ity  assurance  standards,  prac¬ 
tices,  &  conventions  for  comp, 
systems.  Execute  SAP  R/3 
quality  assurance  review  &  test¬ 
ing  procedures  for  MM,  PP,  SD, 
FI,  &  HR  modules  using  Mercury 
Interactive  tools.  40  hrs./wk. 
8:00-5:00.  Apply  with  resume  to 
LaWanda  White,  Delphi 
Corporation,  5825  Delphi  Drive, 
Troy,  Michigan  48098.  EOE. 
Reference  #0613  when  apply¬ 
ing. 


Blackbaud,  the  leading  end-to- 
end  data  management  and 
technology  solutions  provider  for 
the  nonprofit  community,  offer¬ 
ing  software,  services  and  e- 
solutions,  is  seeking  a  Senior 
Statistician  based  in  Charle¬ 
ston,  South  Carolinato  generate 
and  supervise  development  of 
custom  response  models  for 
non-profit  organizations,  particu¬ 
larly  around  fundraising.  The 
candidate  will  create  multi-vari¬ 
ant  regression  models  that 
determine  the  likelihood  to  make 
a  certain  type  of  donation  and 
the  capacity  to  make  a  donation 
to  particular  non-profit  organiza¬ 
tions.  Requirements  are  a 
Master's  degree  in  Economics, 
Statistics  or  related  field  as  well 
as  four  years  of  experience  as  a 
Statistician  or  Research  Analyst 
using  SAS  tools  for  statistical 
and  regression  modeling.  If 
interested,  please  submit 
resume  via  the  Careers  Section 
of  www.blackbaud.com  .  Please 
put  reference  number-0905ELC 
in  the  cover  letter  when  apply¬ 
ing.  EOE 


SENIOR  SOFTWARE  ENGI¬ 
NEER  to  lead  a  team  in  the 
design,  development  and  sup¬ 
port  of  web-based  application 
software  and  databases  using 
J2EE,  SQL  Server,  Oracle, 
Java,  Servlets,  Swing,  Applets, 
JSP,  EJB,  JavaScript,  JDBC, 
RMI,  CORBA,  JavaBeans, 
HTML,  XML,  ASP.NET,  VB.NET, 
VBScript.  XSL,  XSLT,  ASP,  VB, 
ADO.NET,  ADO,  DAO,  RDO, 
Visual  Studio,  COM  and  Visual 
Source  Safe  under  Windows 
operating  systems.  Require: 
M.S.  degree  in  Computer 
Science/Engineering,  or  a  close¬ 
ly  related  field  with  2  yrs  of  exp 
in  the  job  offered  or  as  a 
Programmer/Analyst.  Extensive 
travel  on  assignments  to  various 
client  sites  within  the  U.S.  is 
required.  Competitive  salary 
offered.  Apply  by  resume  to: 
Srinivasa  R.  Manne,  Methodex 
Consulting  Services,  Inc.,  1517 
W.  Irving  Blvd.,  Irving,  TX 
75061;  Attn:  Job  VP. 


COMSYS  is  an  established  IT 
consulting  firm  that  serves  lead¬ 
ing  corporations  including  174  of 
the  Fortune  500.  With  COM¬ 
SYS,  you  get:  Extensive 
Benefits,  Additional  Comp¬ 
ensation  for  referrals,  and 
Professional  Challenges  with 
training  and  assignments  to 
keep  you  at  the  forefront  of  tech¬ 
nology.  With  30  offices,  we  need 
the  services  of  experienced  con¬ 
sultants  across  the  US: 

•  Computer  Programmers 

•  Programmer  Analysts 

•  Systems  Analyst 

•  Software  Engineers 

•  User  Support  Specialists 

•  DBA’s 

•  Business  Analysts 

•  Project  Leaders 

Submit  resume  to: 

COMSYS 
3030  LBJ  Freeway 
Suite  905 
Dallas,  TX  75234 
www.comsys.com 
Fax:  972-960-0914 
EOE/M/F/DV 


Millennium  Software,  Inc.  has 
immediate  opportunities:  Comp¬ 
uter  Programmers,  Progra¬ 
mmer/Analysts,  Systems  Analy¬ 
sts,  Software  Engineers  / 
Consultants,  DBAs,  Architects 
and  Project  Managers  with  4  or 
more  skills  in  following  environ¬ 
ments:  Java,  EJB,  Shell  Scripts, 
SAS,  PLC,  Textra,  XML,  SQL, 
mqPCX,  PowerBuilder,  Rational 
Rose,  Relational  Databases, 
Perl,  SAP,  Primavera  Team  Play 
/  P3e,  Teradata,  MQ-Series, 
IMS,  Adabase,  Natural,  Web¬ 
sphere,  Oracle  Workflow,  Filenet 
eprocess,  Floware  Workflow 
engine,  C/C++,  HTML,  Visual- 
Basic,  COBOL,  DCEDFS, 
AutoCAD,  Six-Sigma.  B.  S.  or 
M.S.  reqd.  +  1  yr.  exp.  depend¬ 
ing  on  position.  Frequent  travel 
and  relocation.  Send  confiden¬ 
tial  resume  and  salary  require¬ 
ments  to:  2000  Town  Center,  Ste 
300,  Southfield,  Ml  48075  Visit 
our  website  at  www.webmsi.com 


Immediate  opportunities  for  both 
entry-level  and  experienced 
Programmers,  Programmer 
Analysts,  Systems  Analysts, 
Software  Engineers,  DBA's  and 
Software  Consultants  with  three 
or  more  of  the  following  skills: 
Java,  Shell  Scripts,  SAS,  PLC, 
Textra,  XML,  SQL,  DB2, 
mqPCX,  Oracle,  PowerBuilder, 
Rational  Rose,  Sybase,  Perl, 
PeopleSoft,  Crystal  Enterprise, 
Crystal  Reports,  Teradata  &  MS 
Visual  Studio.  B.S.  or  M.S. 
degree  or  foreign  equiv.  in  rele¬ 
vant  field  req'd  +  1  yr.  exp. 
depending  on  position.  Frequent 
travel  and  relocation.  Send  con¬ 
fidential  resume  and  salary 
requirements  to:  HR,  Saras 
America,  Inc  32605  W.  12  Mile 
Rd,  Ste  180  Farmington  Hills,  Ml 
48334  Visit  our  website  at 
www.sarasamerica.com. 


Software  engineer  to  design, 
develop  and  test  computer  pro¬ 
grams  for  business  applications; 
analyze  software  requirements 
to  determine  feasibility  of 
design;  direct  software  system 
testing  procedures  using  exper¬ 
tise  in  WebSphere,  WebLogic, 
iPlanet,  Oracle,  Dreamweaver 
and  JBuilder.  Requirements: 
Bachelor's  Degree  or  equivalent 
in  Computer  Science  or  related 
field  and  two  years  experience 
as  a  software  engineer  or  com¬ 
puter  programmer,  knowledge  of 
WebSphere,  WebLogic,  iPlanet, 
Oracle,  Dreamweaver  and 
JBuilder.  Salary:  $66, 000/year. 
Working  Conditions:  8:00  A.M. 
to  5:00  P.M.,  40  hours/week, 
involves  extensive  travel  and 
frequent  relocation.  Apply: 
BECS/CareerLink  Program 
Supervisor,  Indiana  County 
CareerLink,  300  Indian  Springs 
Road,  Indiana,  PA  15701,  Job 
No.  WEB362143. 


Software  engineer  to  design, 
develop  and  test  computer  pro¬ 
grams  for  business  applications; 
analyze  software  requirements 
to  determine  feasibility  of 
design;  direct  software  system 
testing  procedures  using  exper¬ 
tise  in  PowerBuilder,  PL/SQL, 
StarTeam,  PowerDesigner  and 
Rational  Rose.  Requirements: 
Bachelor's  Degree  or  equivalent 
in  Computer  Science  or  related 
field  and  two  years  experience 
as  a  software  engineer  or  com¬ 
puter  programmer,  knowledge  of 
PowerBuilder,  PL/SQL,  Star- 
Team,  PowerDesigner  and 
Rational  Rose.  Salary:  $70,000/ 
year.  Working  Conditions:  8:00 
A.M.  to  5:00  P.M.,  40  hours/ 
week,  involves  extensive  travel 
and  frequent  relocation.  Apply: 
Site  Manager,  Armstrong  County 
CareerLink,  1270  North  Water 
Street,  PO  Box  759,  Kittanning, 
PA  16201-0759,  Job  No. 
WEB362147. 


SOFTWARE  ENGINEER  to 
design,  develop,  maintain  and 
implement  applications  to 
process  online  transactions 
using  Java,  JSP  (STRUTS 
Framework),  JDBC,  EJB,  JMS, 
JavaScript,  Oracle,  XML, 
Rational  Rose,  dear  Case  and 
WebSphere  under  Windows  NT 
operating  system.  Require: 
Master’s  degree  in  Computer 
Science/Engineering,  or  a  close¬ 
ly  related  field  with  2  yrs  of  exp  in 
the  job  offered  or  as  a 
Programmer/Analyst.  Compe¬ 
titive  salary  offered.  Apply  by 
resume  to:  Dave  Bloomquist, 
Global  Software  Development 
Services,  Inc., 10  South  5th  St., 
Ste.  700,  Minneapolis,  MN 
55402;  Attn:  Job  RM. 


Client/Server  Analyst: 

Louisville,  KY:  Designs, 
implements  and  supports  two- 
tier  and  three-tier  client/server 
infrastructure  in  a  multi-server 
WAN/LAN  environment  with 
NT  and  Netware  server  sup¬ 
port  at  the  O/S  level. 
Requires  a  Bachelor's  degree 
and  at  least  one  year  of  expe¬ 
rience  in  the  above.  Reply 
with  resume  to:  IT  Job,  P.O. 
Box  6351,  Louisville,  KY 
40206-0351. 


Multiple  positions  available  for 
computer  professionals  includ¬ 
ing  Software  Engineers, 
Programmer  Analysts,  Systems 
Analysts,  Computer  Progr¬ 
ammers,  Network  Analysts, 
Systems  Administrators,  Soft¬ 
ware  Developers,  Website 
Developers,  DBAs,  etc.  Loca¬ 
tions  vary.Openings  now 
w./leader  in  the  field  including 
TEKsystems,  Onsite  and  Allegis 
Group.  Req’s:  Bach.,  MS  or 
equiv.  in  relevant  field,  may 
require  exp.  Travel  and/or  relo¬ 
cation  possible.  E.O.E. 
Competitive  salary  &  benefits. 
Send  resumes  to:  J.  Brigham, 
Allegis  Group,  HR;  7301 
Parkway  Drive,  Hanover,  MD 
21076,  ID  Job  No.  FL1003. 


PROGRAMMER/ANALYST  to 
analyze,  design  ,  develop  and 
maintain  application  software  in 
a  client/server  environment 
using  Power  Builder,  Visual 
Basic,  Erwin,  Install  Shield, 
Crystal  Reports,  Oracle  and 
Pro*C  under  Windows  NT/2000 
and  Linux  operating  systems. 
Require:  B.S.  degree  (or  equiva¬ 
lent)  in  Computer  Science/ 
Programming,  or  a  closely  relat¬ 
ed  field  with  2  yrs  of  exp  in  the 
job  offered;  Each  3  yrs  of  pro¬ 
gressively  responsible  work  exp 
in  the  field  will  be  considered 
equivalent  to  1  yr  of  college  edu¬ 
cation.  Extensive  travel  on 
assignments  to  various  client 
sites  within  the  U.S.  is  required. 
Competitive  salary  offered. 
Apply  by  resume  to:  Shri 
Gangal,  Syspro  Technologies, 
Inc.,  13010  Morris  Road,  6th 
Floor,  Alpharetta,  GA  30004; 
Attn:  Job  VT. 


Programmer/Analyst  to  design, 
develop,  implement,  maintain 
and  support  application  software 
in  a  client/server  environment 
using  Visual  C++,  Windows 
SDK,  MFC,  ATL,  Visual  Basic, 
COM/DCOM,  ASP,  XML,  HTML 
and  MTS  on  Windows 
Platforms.  Require:  BS  Degree 
in  Science/Engineering  or  a 
closely  related  field  with  2  years 
of  progressively  responsible 
experience  in  the  Job  offered  or 
in  the  related  occupation  of 
Software  Engineer  Extensive 
travel  on  assignments  to  various 
client  sites  within  the  US  is 
required.  Competitive  salary 
offered.  Apply  by  resume  to  : 
Ravi  Kandimalla,  Everest 
Computers,  Inc.,  900  Old 
Roswell  Lakes  Parkway,  Suite 
300,  Roswell,  GA  30076;  Attn: 
JobBS 


Software  Analyst  II 
Duties:  Perform  modeling,  evalu¬ 
ation,  testing  &  design/analysis  of 
s/w.  Min  Req:  Masters/Info  Tech 
w /  concent,  in  Mgt  Info  Tech;  3  yrs 
exp.  in  s/w  design/analysis  using 
Dynamic  C,  C++,  Visual  Basic, 
including  at  least  3  yrs  exp  in 
embedded  s/w  design  &  imple¬ 
ment.  Demonstrated  proficiency 
in  GPS  receiver  tech,  cell,  comm 
tech,  implement,  of  NMEA  proto¬ 
col  &  integration  of  TDMA  and 
Microburst  based  cell.  comm, 
modules.  40  hrs/wk.  salary  dep 
on  quals..  Must  have  proof  of 
legal  authority  to  work  in  U.S. 
Submit  resume  by  mail  only  to 
GTS,  5385  Mark  Dabling  Blvd, 
Ste  101,  Colo.  Springs,  CO 
80918. 


Sndo-American  Connection  LLC 
has  openings  for  Business 
Analysts  with  at  least  two  years 
of  experience  and  Programmer 
Analysts  and  Software 
Engineers  with  at  least  two 
years  of  experience  in  the  fol¬ 
lowing:  Java,  JavaScript,  HTML, 
C++,  Oracle  Database,  Visual 
Basic,  PowerBuilder,  ISS,  SQL 
Server,  MS  Access,  HP  Unix, 
and  Win.  NT.  Some  positions 
require  a  Bachelors  Degree, 
others  Masters  Degree. 
Equivalent  degree  and  experi¬ 
ence  is  also  accepted.  Exc.  Pay 
&  Bnfts.  Mail  resume  to:  HR 
Dept.,  Indo-American  Conn¬ 
ection  LLC,  27  Timber  Road, 
Edison,  NJ  08820. 


Merrick  Systems,  Inc.  provides 
software  and  consulting  services 
for  the  energy  industry  leverag¬ 
ing  e-business  and  m-business 
technology.  Senior  System 
Analyst:  Analyze,  architect, 
develop,  integrate  and  Test 
Multi-Tier  Enterprise  Application 
using  VB.NET,  XML  Web 
Services,  PB,  C++,  UML, 
Rational  Rose,  J2EE,  Jaguar 
CTS  and  EAI  technologies  using 
database  in  Oracle,  Sybase  and 
SQL  Server.  Need  Bachelor's 
degree  in  Computer  Sciences  or 
Engineering  or  related  and  2+ 
years  of  industry  experience. 
Mail  to:  4801  Woodway  #100E, 
Houston,  TX  77056  or  E-mail: 
resumes@merricksys.com 


Programmer  Analyst 

Multiple  positions  available  to 
analyze  user  requirements,  pro¬ 
cedures,  and  problems  to  auto¬ 
mate  processing  and  to  improve 
existing  computer  systems. 
Position  requires  B.S.  in  Comp 
Sci  or  related  field,  (6)  months 
work  exp.  in  position  offered  or 
in  computer  industry,  &  experi¬ 
ence  with  1  of  the  following:  (1) 
Database  Administration;  (2) 
Orbs  or  TP  monitors  in  a  multi¬ 
threaded  UNIX  or  NT  environ¬ 
ment;  or  (3)  Java  or  EJB. 
Requires  extensive  travel  &  relo¬ 
cation.  $67,995/yr.  EOE.  Res¬ 
ponses  to:  Site  Director, 
Pittsburgh/Allegheny  County 
CareerLink,  ATTN:  CL  Program 
Supervisor,  425  Sixth  Avenue, 
Suite  2200,  Pittsburgh,  PA 
15219-1837.  Reference  Job 
Order#  WEB  359824. 


Multiple  positions  available  for 
computer  professionals  includ¬ 
ing  Soft.  Eng.'s,  P/A's,  Systems 
Analysts,  Network  Analysts, 
Systems  Admin. ’s,  SW  Deve¬ 
lopers,  Website  Developers, 
DBA'S,  etc.  Locations  vary. 
Openings  now  w/leader  in  the 
field  including  TEKsystems, 
Onsite,  and  Allegis  Group.  Req's 
degree  (Bach.  MS,  or  equiv.)  in 
relevant  field.  Travel/frequent 
relocation  possible.  E.O.E. 
Competitive  salary  &  benefits. 
Resume  to:  J.  Brigham,  Allegis 
Group,  HR;  7301  Parkway 
Drive,  Hanover,  MD  21076.  ID 
Job  No.  10-01-2003. 
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Siebel  Takes  Hosted  CRM  Plunge  With  IBM 


Continued  from  page  1 

IBM  Hosting 

bel  Systems  Inc.  in  San  Mateo, 
Calif.,  to  offer  CRM  services 
in  this  manner  (see  story  at 
right). 

An  IBM  data  center  in  Boul¬ 
der,  Colo.,  houses  the  systems, 
which  users  can  access  re¬ 
motely  on  a  pay-as-you-go  ba¬ 
sis.  The  service  will  gradually 
be  expanded  to  other  IBM  fa¬ 
cilities  around  the  world,  and 
U.S.  companies  could 
eventually  have  their 
day-to-day  business 
applications  residing 
on  servers  located  in 
places  such  as  India. 

Mike  Riegel,  man¬ 
ager  of  IBM’s  e-busi- 
ness  hosting  services, 
said  that  outside  of 
regulated  industries 
such  as  health  care 
and  financial  ser¬ 
vices,  the  use  of  offshore  data 


run  data  centers  all  over  the 
world.  But  the  idea  of  turning 
part  or  all  of  a  company’s  data 
center  operations  over  to  an 
offshore  provider  is  in  its  in¬ 
fancy,  according  to  offshore 
service  providers  and  analysts. 

Some  companies  are  begin¬ 
ning  to  use  offshore  service 
providers  to  remotely  manage 
and  monitor  their  data  centers 
in  low-cost  countries  while 
keeping  the  hardware  and  data 
in  North  America  and  Europe. 
But  most  offshore  users  are 
like  Lancaster,  Pa.- 
based  Armstrong 
World  Industries  Inc., 
which  focuses  its  off¬ 
shore  operations  on 
application  develop¬ 
ment. 

Armstrong,  which 
has  59  plants  in  14 
countries,  turned  to 
an  offshore  developer 
to  help  it  cut  costs 
and  get  out  of  bank¬ 
ruptcy  brought  on  by  as¬ 


Two  years  after  it  pulled  the  plug 
on  its  first  hosted  CRM  software 
offering,  Siebel  Systems  is  once 
again  entering  that  market,  this 
time  through  a  deal  with  IBM. 

Siebel  and  IBM  last  week  said 
they  plan  to  jointly  offer  a  hosted 
set  of  new  CRM  applications 
aimed  primarily  at  small  and  mid¬ 
size  companies.  Dubbed  Siebel 
CRM  OnDemand,  the  hosting  ser¬ 
vice  is  due  to  become  available 
this  quarter  and  will  be  run  on 
systems  at  IBM’s  data  centers. 

Customers  will  be  charged  a 
monthly  fee  of  $70  per  end  user 
and  will  be  able  to  customize  the 
applications  themselves,  without 
needing  help  from  consultants, 
according  to  Richard  Gorman, 
Siebel’s  senior  vice  president  of 
products. 

Gorman  said  Siebel  also  hopes 
to  entice  larger  companies  to  use 


Siebel  CRM  OnDemand  for  small 
software  deployments  that  can 
later  be  expanded.  OnDemand  is 
built  on  a  separate  architecture 
and  has  its  own  user  interface,  but 
it  can  be  integrated  with  and  up¬ 
graded  to  Siebel’s  full-fledged  ap¬ 
plications,  he  added. 

Planitax  Inc.,  an  Emeryville, 
Calif. -based  company  that  sells 
tax  software,  is  beta-testing  the 
Siebel/IBM  offering.  Chris  Staub- 
er,  a  former  Siebel  employee  who 
is  now  chief  technology  officer  at 
Planitax,  said  the  company  is 
looking  at  using  Siebel  CRM 
OnDemand  to  replace  an  existing 
set  of  hosted  CRM  applications 
from  an  unidentified  vendor. 

The  CRM  software  Planitax  is 
already  using  won't  meet  the 
company’s  future  needs,  Stauber 
said.  Siebel  is  still  adding  func¬ 
tionality  to  its  hosted  offering  but 


has  more  sophisticated  capabili¬ 
ties,  including  built-in  analytics, 
he  added.  “The  basis  for  the  ap¬ 
plication  is  the  enterprise  version 
of  their  software,”  Stauber  noted. 
“What  holes  there  are  are  mostly 
cosmetic." 

Siebel  launched  a  Web-based 
CRM  service  called  Sales.com  in 
1999,  but  it  scrapped  the  unprof¬ 
itable  venture  two  years  later.  The 
joint  offering  with  IBM  will  com¬ 
pete  against  CRM  application 
service  providers  such  as  Sales- 
force.com  Inc.,  a  San  Francisco- 
based  company  that  claims 
100,000  end  users  for  its  hosted 
software  service. 

Liz  Roche,  an  analyst  at  Meta 
Group  Inc.,  said  teaming  with  IBM 
could  help  Siebel  attract  users 
that  have  steered  clear  of  hosted 
CRM  installations. 

-  Stacy  Cowley,  IDG  News  Service 
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MERCURIO:  “It’s 
important  that 
IBM  keep  this 
service  fresh." 


centers  can  work. 

“There  is  a  lot  of  fear,  un¬ 
certainty  and  doubt  about 
cross-border  delivery,”  said 
Riegel.  “But  when  you  really 
dig  into  the  regulatory  envi¬ 
ronment,  there  aren’t  many 
impediments  to  it.” 

Multinational  companies 


bestos-related  lawsuits. 

Edison,  N.J.-based  Intelli- 
group  Inc.,  which  has  an  off¬ 
shore  development  center  in 
Hyderabad,  India,  is  responsi¬ 
ble  for  development  and  main¬ 
tenance  of  Armstrong’s  SAP 
AG  ERP  system,  said  Mark 
Young,  Armstrong’s  director 


of  program  management. 

Young  said  the  offshore 
arrangement  has  yielded  cost 
savings  through  reduced  head 
count  and  the  flexibility  to  in¬ 
crease  or  decrease  his  re¬ 
sources  as  needed.  He  said  he 
also  looked  at  hardware  out¬ 
sourcing  but  opted  instead  for 


internal  improvements,  such 
as  server  consolidations,  to  re¬ 
duce  his  costs. 

Still,  Young  said  he  contin¬ 
ues  to  review  vendor  out¬ 
sourcing  options,  such  as 
IBM’s  Virtual  Server  Services. 
“When  you  are  trying  to  be¬ 
come  financially  stable,  you 


are  always  looking  for  cost  [re¬ 
duction]  opportunities,”  he 
said. 

Paul  Mercurio,  CIO  at  Exxon 
Mobil  Travel  Guide  LLC,  a 
subsidiary  of  Exxon  Mobil 
Corp.  in  Park  Ridge,  Ill.,  has 
been  using  IBM  Virtual  Server 
Services  for  the  past  year. 
They  were  initially  offered  to 
customers  that  wanted  to  port 
applications  to  IBM  zSeries 
mainframes  running  Linux. 

Mercurio,  who  uses  the  ser¬ 
vice  for  his  company’s  Web 
production  and  publishing, 
said  the  cost  is  as  much  as 
30%  below  any  alternative. 
“The  key  thing  from  my  per¬ 
spective  is  . . .  it’s  important 
that  IBM  keep  this  service 
fresh  [and]  new”  as  technolo¬ 
gy  improvements  are  made,  he 
said. 

With  respect  to  the  location 
of  services,  Mercurio  said  it 
doesn’t  matter  where  a  re¬ 
source  is.  “What  matters  is 
that  you  have  a  path  to  the  re¬ 
source  and  that  there  is  a  suf¬ 
ficient  amount  of  that  re¬ 
source  available,”  he  said. 

©  41838 
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Some  Systems  Administration  Moving  Offshore 


Early  adopters  of  offshore  out¬ 
sourcing  of  IT  systems,  as  op¬ 
posed  to  application  develop¬ 
ment,  are  focusing  on  remote 
monitoring,  database  administra¬ 
tion  and  other  systems  adminis¬ 
tration  functions. 

But  analysts  and  offshore  ser¬ 
vice  providers  say  they  aren’t  see¬ 
ing  firms  relocating  data  center 
hardware  offshore.  Companies 
maintain  that  although  such  a 
move  probably  isn’t  worth  the  mi¬ 
gration  expense,  they  may  use 
hardware  located  offshore 
through  an  outsourcing  vendor. 

"Moving  the  machine  is  really 
unnecessary,”  said  Suresh  Gupta, 
a  consultant  at  Capco,  an 


Antwerp,  Belgium-based  financial 
services  consulting  firm.  He  sees 
network  monitoring  functions  go¬ 
ing  offshore  as  part  of  an  “extend¬ 
ed  team”  approach.  For  instance, 
a  company  in  India  could  manage 
a  network  during  overnight  hours 
in  the  U.S. 

But  there  are  many  elements 
affecting  a  decision  to  outsource 
infrastructure  operations  offshore, 
including  network  reliability, 
geopolitical  concerns  and  securi¬ 
ty.  It  remains  “more  of  a  niche  and 
still  a  slowly  evolving  process,” 
said  Richard  Matlus,  research  di¬ 
rector  at  Gartner  Inc.  in  Stamford, 
Conn. 

But  offshore  aside,  infrastruc¬ 


ture  outsourcing  is  growing  in  the 
U.S.,  and  offerings  are  expanding. 
For  instance,  Sun  Microsystems 
Inc.  last  week  said  it  had  struck  an 
agreement  with  Houston-based 
SchlumbergerSema,  the  IT  ser¬ 
vices  arm  of  Schlumberger  Ltd., 
for  outsourced,  pay-as-you-go 
services.  Schlumberger  will  use 
Sun  servers  to  provide  services 
targeted  at  the  energy,  finance, 
telecommunications  and  govern¬ 
ment  sectors.  The  servers  can  be 
hosted  at  the  customer’s  site  or 
Schlumberger’s  data  center. 

While  these  data  center  ser¬ 
vices  can  be  provided  anywhere, 
“the  barrier  is  the  customer  com¬ 
fort  to  sending  something  off- 


SHWKi 

shore,”  said  Ashif  Dhanani,  direc¬ 
tor  of  utility  computing  at  Sun. 

Kumar  Mahadeva,  CEO  of  Cog¬ 
nizant  Technology  Solutions 
Corp.,  an  offshore  services  pro¬ 
vider  in  Teaneck,  N.J.,  said  he’s 
seeing  business  processes  such 
as  claims  processing  go  overseas, 
resulting  in  the  creation  of  off¬ 
shore  data  centers  to  support 
those  operations. 

Andre  Mendes,  chief  technolo¬ 
gy  integration  officer  at  Public 
Broadcasting  Service  in  Alexan¬ 
dria,  Va„  said  he  believes  that  lo¬ 
cating  data  centers  anywhere  in 
the  world  is  becoming  almost  in¬ 
evitable  as  technology  improves. 
"The  only  bottlenecks  left  behind 
are  geopolitical  ones,”  he  said. 

-  Patrick  Thibodeau 
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FRANK  HAYES  ■  FRANKLY  SPEAKING 


Ugly  Screens 


There  are  some  ugly  screens  in  your  applications. 

Your  users  know  them  all  too  well.  They’re  the  screens 
where  users  have  to  copy  information  with  a  pencil  and 
paper,  or  where  one  wrong  keystroke  will  wipe  out  15 
minutes  of  work,  or  where  the  application  can  suddenly 
freeze  for  no  apparent  reason. 

Your  developers  know  those  ugly  screens,  too.  They’ve  tried  to  fix 
those  screens  for  years.  But  the  code  is  a  kludgy,  convoluted  mess, 
and  simple  fixes  won’t  work.  Ripping  those  screens  out  and  making 
them  right  would  cost  a  bundle,  which  you  don’t  have  to  spare.  Be¬ 
sides,  users  have  lived  with  those  screens,  ugly  as  they  are,  for  a  long 
time  —  and  if  they  have  to,  they  can  keep  living  with  them. 

So  if  you  can’t  fix  an  ugly  screen,  what  can  you  can  do  with  it? 


Document  it.  Don’t  pretend  that  these  eyesores 
don’t  exist.  Keep  a  list  of  them.  Track  what  fixes 
were  tried  and  didn’t  work  —  and  when  and 
why.  That  way,  you’ll  always  know  how  long  it’s 
been  since  someone  last  tried  to  fix  one.  If  the 
application  is  ever  completely  rewritten,  you 
won’t  forget  and  inadvertently  preserve  that 
ugly  screen’s  logic. 

Give  your  most  junior  developers  a  shot  at  it.  Hey, 
they  don’t  know  it’s  impossible  to  fix.  If  they 
come  up  with  an  ingenious  solution,  great.  If 
not,  at  least  they’ll  get  a  taste  of  the  worst  your 
legacy  code  has  to  offer.  That’s  something  you 
can  be  sure  they  didn’t  learn  in  school. 

Bless  the  work-around  for  it.  Your  users  have 
probably  figured  out  the  best  way  to  deal  with 
each  ugly  screen.  You’ve  probably  been  too  em¬ 
barrassed  to  include  those  work-arounds  in 
documentation  and  training.  Get  over  it,  and 
get  the  users  to  write  up  those  work-around  de¬ 
scriptions.  And  who  knows?  Once  your  devel¬ 
opers  know  exactly  what  the  users 
do  to  dodge  ugly  screens,  they  may 
even  figure  out  a  fix. 

Put  a  bounty  on  it.  Nothing  encour¬ 
ages  developers  to  take  another 
look  at  problem  code  like  a  cash  re¬ 
ward  for  coming  up  with  the  idea 
that  finally  fixes  it.  But  save  your 
bounties  for  longstanding  problems, 
or  you  may  end  up  with  “problems” 
in  new  code  that  just  happen  to  be 
prime  candidates  for  bounties. 

Ask  users  how  it  should  work.  Maybe 
you’re  going  about  this  the  wrong 
way  —  trying  to  fix  logic  that  no 


longer  needs  to  be  so  convoluted.  If  users  can 
simplify  the  screen’s  functional  definition,  you 
might  be  able  to  make  it  work.  But  be  careful  to 
manage  expectations.  Don’t  tell  users  you’re 
fixing  it  —  just  that  you’re  trying. 

Junk  it.  OK,  virtually  junk  it.  Ask  a  small 
group  of  users  to  try  using  the  application  with¬ 
out  touching  that  screen.  If  they  can’t,  you’re  no 
worse  off.  If  they  can,  maybe  you  can  decom¬ 
mission  that  screen  entirely. 

Find  out  how  important  it  is  to  the  users’  man¬ 
agers.  If  it’s  top-of-mind  for  a  manager,  you  can 
discuss  what  it  will  cost  to  do  this  expensive  fix 
right.  If  he  didn’t  know  about  it,  your  question 
demonstrates  that  you’re  being  proactive  about 
solving  his  users’  problems.  Either  way,  it  helps 
you  gauge  how  big  a  deal  it  really  is. 

Make  it  a  poster  child  for  your  IT  budget.  It’s  bad. 
It  should  be  fixed.  It’s  not  your  fault;  you  inher¬ 
ited  it.  It  costs  users  time  and  effort,  and  that 
means  money.  Fixing  it  will  take  some  major 

dollars.  Sure,  you  just  began  a  new 
fiscal  year.  But  start  a  campaign 
now,  and  you’ll  have  a  well-primed 
pump  when  the  next  budget  cycle 
comes  around. 

If  nothing  else  works,  ship  it  over¬ 
seas.  Face  it:  You  can’t  fix  this  code 
in-house.  And  your  CEO  wants  you 
to  dip  a  toe  into  offshore  outsourc¬ 
ing.  Your  offshore  partners  won’t 
love  you  for  sending  your  nastiest, 
thorniest  problems  as  their  first 
projects.  But  if  they  can  fix  those 
ugly  screens,  you’ll  know  you  got 
your  money’s  worth.  ©  41543 


frank  hayes,  Computer- 
world's  senior  news  colum¬ 
nist,  has  covered  IT  for  more 
than  20  years.  Contact  him  at 

frank.hayes@computerworld.com. 


Logging  Out  the  Hard  Way 

This  control-freak  IT  manager  just  has  lo  have  the 
same  rightphat  his  mainframe  programmers  and  op¬ 
erators  have.  Then  one  day,  the  entire  transaction  sys¬ 
tem  vanishes  suddenly  for  400  users.  “Even  stranger, 
a  crisis  had  occurred,  and  the  boss  wasn’t  demanding 
a  status  report,”  says  a  pilot  fish  on  the  scene.  Appar¬ 


ently,  the  boss  had  had  trouble  logging  out,  so  he  used 
a  very  risky,  very  restricted,  warned-about-in-the-docs 
utility.  “He  logged  himself  out  -  and  took  400  users 
with  him,”  says  fish.  “He  let  us  take  away  his  unneces¬ 
sary  authorities  after  that.  No  arguments.” 


Slowdown 

Payroll  user’s 
new  2-GHz  PC 
gets  an  error 
message  when 
he  runs  a  particular 
report,  so  IT  pilot  fish 
searches  the  knowledge 
base  for  a  solution.  “It 
says,  ‘Run  the  report 
on  a  machine  with  a 
processor  speed  under 
1  GHz,  or  open  as  many 
programs  as  possible 
to  slow  the  machine 
down,’”  groans  fish. 
“Where  are  the  386s 
when  you  need  one?” 

Just  What 
She  Asked  For 

The  entire  network  goes 


SHARK 

TANK* 


for  any  em¬ 
ployee  failing 
to  patch  his 
PC.  Then  IT 
security  calls 
this  pilot  fish  and  accus¬ 
es  him  of  using  an  un¬ 
patched  machine.  Can’t 
be,  says  fish  -  mine’s 
patched.  It  turns  out  to 
be  a  conference-room 
PC  that  fish  logged  onto 
for  a  demo.  “Who  owns 
support  of  those  ma¬ 
chines?  There  are  100  of 
them  in  the  company,” 
fish  asks  get-tough  se- 
curity  guy.  “He  quickly 
realized  the  horrible  se¬ 
curity  exposure  was  now 
his  problem  -  and  got  off 
the  phone  in  a  hurry.” 


out,  and  panicked  IT  ap-  j 
plications  manager  calls  I  Talking  Trash 
the  help  desk.  “Her  mis-  I  A  virus  destroys  the 
stow-rcrtBcail  department  ;  data  on  one  of  this  com- 
was  being  impacted  by  j  pany’s  critical 
our  unplanned  total  net-  j  so  IT  pilot  fish  calls  off- 
work  outage,  and  she  j  site  for  the  backup 
demanded  a  wireless  j  tapes.  They’re  sitting  in 
laptop  to  connect  to  the  j  an  open  box  on  the  data 
downed  network,”  says  \  center  floor,  ready  for 
support  pilot  fish.  “We  j  the  restore  in  the  mom- 
didn’t  have  the  heart  to  j  ing,  when  the  night 
tell  her  that  it  wouldn’t  j  cleaning  crew  arrives, 
work.  Last  I  heard,  a  j  “No  one  ever  thought  a 
tech-support  staffer  was  j  loosely  stacked  set  of 
going  upstairs  to  drop  j  4mm  tapes  could  look 
off  the  laptop."  j  like  trash,”  sighs  fish. 

j  “Now  the  cleaning  peo- 
Oops!  j  pie  are  only  allowed 

Blasted  by  the  latest  j  to  throw  out  stuff  that 
worm,  this  company  j  has  been  tagged  as 
vows  dire  consequences  i  garbage.” 


OFEED  THE  SHARK!  Send  your  true  tales  of  IT  life  to 
sharky@computerworld.com.  You  snag  a  snazzy 
Shark  shirt  if  we  use  it.  And  check  out  the  daily  feed,  browse 
the  Sharkives  and  sign  up  for  Shark  Tank  home  delivery  at 

computerworld.com/sharky. 
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Conference  &  Expo 
November  17-20,  2003 
Mandalay  Bay  Convention  Center 
Las  Vegas,  Nevada 


Including 
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Featuring  the  following  keynoters: 

PETER  BLACKMORE 

Executive  Vice  President, 

Enterprise  Systems  Group,  Hewlett-Packard  Co. 

Monday,  November  17  •  2:30pm 


JOSEPH  G.  LICATA  JR. 

President,  Enterprise  Networks  Division 

Siemens  Information  and  Communication  Networks,  Inc. 

Tuesday,  November  18  •  11:30am 

RICK  BERGQUIST 

SVP  S.  CTO 
PeopleSoft,  Inc. 

Wednesday,  November  19  •  2:30pm 

LUCA  CAFIERO 

Senior  Vice  President,  General  Manager 
Storage  Technology  Group,  Cisco  Systems,  Inc. 

and - 

SON  I  JIANDANI 

Vice  President,  Storage  Technology  Group 
Cisco  Systems,  Inc. 

Tuesday,  November  18  •  2:30pm 
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Jupiter  Research-  Integrated  Views,  Enterprise  Technology, 
s  y  m  p  o  s  i  u  m  End  User  Technology,  Access  &  Applications. 


Developers:  Utility  Computing,  Longhorn,  Security,  Encryption,  Open 
Source,  Linux  Desktops,  Semantic  Web,  Data  Mining,  Content  Delivery 
Networks,  Digital  Rights  Mgmt.  &  more. 

Web  Services:  .NET  Framework,  C#  S,  J#,  J2EE,  JMX,  Websphere,  RSS 
Feeds,  SOAP  &  UDDI,  WSDL,  .NET  Remoting,  VoiceXML/SALT  &  more. 


Hardware  &  Systems  Networked  Storage,  DVD-RW,  Gigabit  Ethernet, 
Mesh  Networks,  Voice  Over  IP,  802.1  lx  Networks,  RFID  Tagging  &  more. 


Analyst  Sponsor - 


Enterprise  Executive:  IT  Management  Forum,  ROI  for  the  CTO,  Human 
Capital  Management,  Best  Practices  in  New  IT  &  more. 

Vertical  Markets  Covered  Include: 

Mobility  ■  Enterprise  Applications  ■  Security 
Network  Management  ■  Linux/Open  Source  ■  Storage  ■  Hardware 
Web  Services  ■  Application  Development  ■  Convergence 


Media  Sponsors 


Jupiterresearclx 


internet.com 


&  EARTHWEB.COM* 


.com 


Mobile 

Enterprise 
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For  a  complete  listing  of  speakers,  session  descriptions,  sponsors, 
and  exhibitors,  or  to  register,  visit  the  euent  Web  site  at 
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at  COMPUTER  DIGITRL  EXPO 


A  Week  of  Professional  Development  Si  Insight; 
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Dell  Handles  125,000 

Transactions  Per  Hour  With  Oracle 

DOL' 


Dell  counts  on  Oracle  on  Linux  to  handle 
customer  orders  every  day. 

What  do  you  run? 


oracle.com/success/delf 
or  call  1.800.633.0759 
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